January 2022 Patch Tuesday Index

Don't miss a single vulnerability this Patch Tuesday. The latest patches and updates from Microsoft and multiple third-party applications can be found in January's Patch Tuesday Index below.

Microsoft is starting this year with a bang with 97 vulnerabilities, more than all but two months in 2021. The number of reported critical vulnerabilities is also causing ITOps and SecOps teams to start the year off with extra work. January’s 9 critical vulnerabilities are slightly higher than last year's monthly average of 8.4 and represent the highest monthly total since July 2021. Fortunately, Microsoft did not have any exploited vulnerabilities to report for this month.

Adobe released updates for 5 of their products including Adobe Acrobat & Reader, Illustrator, Bridge, InCopy, and InDesign. All 5 bulletins were given Adobe Priority 3 except for Acrobat & Reader which earned a Priority 2. In total, there were 41 CVEs from Adobe, including 22 Critical, 6 High, and 13 Medium.

Last week, Google announced the release of Chrome 97 in the stable channel with a total of 37 security fixes. Of these, 24 vulnerabilities were uncovered by external researchers while the other 13 were uncovered by Google as part of its ongoing internal security work. There were 2 Critical vulnerabilities in the batch, with the only Critical external vulnerability being CVE-2022-0096.

Mozilla also released their first 3 security bulletins of 2022. All 3 bulletins were rated High and included a total of 18 vulnerabilities spanning across Firefox, Firefox ESR, and Thunderbird.

Last Updated 1:24 PM ET - January 11, 2021.

Google Chrome
Product | Title | Identifier | Severity
Chrome | CVE-2022-0096 Use after free in Storage | CVE-2022-0096 | Critical
Chrome | CVE-2022-0097 Inappropriate implementation in DevTools | CVE-2022-0097 | High
Chrome | CVE-2022-0098 Use after free in Screen Capture | CVE-2022-0098 | High
Chrome | CVE-2022-0099 Use after free in Sign-in | CVE-2022-0099 | High
Chrome | CVE-2022-0100 Heap buffer overflow in Media streams API | CVE-2022-0100 | High
Chrome | CVE-2022-0101 Heap buffer overflow in Bookmarks | CVE-2022-0101 | High
Chrome | CVE-2022-0102 Type Confusion in V8 | CVE-2022-0102 | High
Chrome | CVE-2022-0103 Use after free in SwiftShader | CVE-2022-0103 | High
Chrome | CVE-2022-0104 Heap buffer overflow in ANGLE | CVE-2022-0104 | High
Chrome | CVE-2022-0105 Use after free in PDF | CVE-2022-0105 | High
Chrome | CVE-2022-0106 Use after free in Autofill | CVE-2022-0106 | High
Chrome | CVE-2022-0107 Use after free in File Manager API | CVE-2022-0107 | Medium
Chrome | CVE-2022-0108 Inappropriate implementation in Navigation | CVE-2022-0108 | Medium
Chrome | CVE-2022-0109 Inappropriate implementation in Autofill | CVE-2022-0109 | Medium
Chrome | CVE-2022-0110 Incorrect security UI in Autofill | CVE-2022-0110 | Medium
Chrome | CVE-2022-0111 Inappropriate implementation in Navigation | CVE-2022-0111 | Medium
Chrome | CVE-2022-0112 Incorrect security UI in Browser UI | CVE-2022-0112 | Medium
Chrome | CVE-2022-0113 Inappropriate implementation in Blink | CVE-2022-0113 | Medium
Chrome | CVE-2022-0114 Out of bounds memory access in Web Serial | CVE-2022-0114 | Medium
Chrome | CVE-2022-0115 Uninitialized Use in File API | CVE-2022-0115 | Medium
Chrome | CVE-2022-0116 Inappropriate implementation in Compositing | CVE-2022-0116 | Medium
Chrome | CVE-2022-0117 Policy bypass in Service Workers | CVE-2022-0117 | Low
Chrome | CVE-2022-0118 Inappropriate implementation in WebShare | CVE-2022-0118 | Low
Chrome | CVE-2022-0120 Inappropriate implementation in Passwords | CVE-2022-0120 | Low

Mozilla Firefox
Product | Title | Identifier | Severity
Firefox | 18 security vulnerabilities fixed in Firefox 96 | MFSA 2022-01 | High
Firefox ESR | 14 security vulnerabilities fixed in Firefox ESR 91.5 | MFSA 2022-02 | High
Thunderbird | 14 security vulnerabilities fixed in Thunderbird 91.5 | MFSA 2022-03 | High

Adobe
Product | Title | Identifier | Severity
Adobe Acrobat & Reader | 26 security vulnerabilities fixed in Acrobat & Reader | APSB22-01 | Adobe Priority 2
Adobe Illustrator | 2 security vulnerabilities fixed in Illustrator | APSB22-02 | Adobe Priority 3
Adobe Bridge | 6 security vulnerabilities fixed in Bridge | APSB22-03 | Adobe Priority 3
Adobe InCopy | 4 security vulnerabilities fixed in InCopy | APSB22-04 | Adobe Priority 3
Adobe InDesign | 3 security vulnerabilities fixed in InDesign | APSB22-05 | Adobe Priority 3

Microsoft
Product | Title | Identifier | Severity
Open Source Software | Open Source Curl Remote Code Execution Vulnerability | CVE-2021-22947 | Critical
Windows Virtual Machine IDE Drive | Virtual Machine IDE Drive Elevation of Privilege Vulnerability | CVE-2022-21833 | Critical
Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | CVE-2022-21840 | Critical
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21846 | Critical
Windows Active Directory | Active Directory Domain Services Elevation of Privilege Vulnerability | CVE-2022-21857 | Critical
Windows DirectX | DirectX Graphics Kernel Remote Code Execution Vulnerability | CVE-2022-21898 | Critical
Windows HTTP Protocol Stack | HTTP Protocol Stack Remote Code Execution Vulnerability | CVE-2022-21907 | Critical
Windows DirectX | DirectX Graphics Kernel Remote Code Execution Vulnerability | CVE-2022-21912 | Critical
Microsoft Windows Codecs Library | HEVC Video Extensions Remote Code Execution Vulnerability | CVE-2022-21917 | Critical
Windows Libarchive | Libarchive Remote Code Execution Vulnerability | CVE-2021-36976 | High
Windows Certificates | Windows Certificate Spoofing Vulnerability | CVE-2022-21836 | High
Windows Event Tracing | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability | CVE-2022-21839 | High
Windows Defender | Windows Security Center API Remote Code Execution Vulnerability | CVE-2022-21874 | High
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2022-21919 | High
Windows User-mode Driver Framework | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability | CVE-2022-21834 | High
Windows Cryptographic Services | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | CVE-2022-21835 | High
Microsoft Office SharePoint | Microsoft SharePoint Server Remote Code Execution Vulnerability | CVE-2022-21837 | High
Windows Cleanup Manager | Windows Cleanup Manager Elevation of Privilege Vulnerability | CVE-2022-21838 | High
Microsoft Office Excel | Microsoft Excel Remote Code Execution Vulnerability | CVE-2022-21841 | High
Microsoft Office Word | Microsoft Word Remote Code Execution Vulnerability | CVE-2022-21842 | High
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21843 | High
Role: Windows Hyper-V | Windows Hyper-V Denial of Service Vulnerability | CVE-2022-21847 | High
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21848 | High
Windows IKE Extension | Windows IKE Extension Remote Code Execution Vulnerability | CVE-2022-21849 | High
Windows RDP | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21850 | High
Windows RDP | Remote Desktop Client Remote Code Execution Vulnerability | CVE-2022-21851 | High
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21852 | High
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21855 | High
Windows Bind Filter Driver | Windows Bind Filter Driver Elevation of Privilege Vulnerability | CVE-2022-21858 | High
Windows Account Control | Windows Accounts Control Elevation of Privilege Vulnerability | CVE-2022-21859 | High
Windows AppContracts API Server | Windows AppContracts API Server Elevation of Privilege Vulnerability | CVE-2022-21860 | High
Windows Task Flow Data Engine | Task Flow Data Engine Elevation of Privilege Vulnerability | CVE-2022-21861 | High
Windows Application Model | Windows Application Model Core API Elevation of Privilege Vulnerability | CVE-2022-21862 | High
Windows StateRepository API | Windows StateRepository API Server file Elevation of Privilege Vulnerability | CVE-2022-21863 | High
Windows UI Immersive Server | Windows UI Immersive Server API Elevation of Privilege Vulnerability | CVE-2022-21864 | High
Windows Connected Devices Platform Service | Connected Devices Platform Service Elevation of Privilege Vulnerability | CVE-2022-21865 | High
Windows System Launcher | Windows System Launcher Elevation of Privilege Vulnerability | CVE-2022-21866 | High
Windows Push Notifications | Windows Push Notifications Apps Elevation Of Privilege Vulnerability | CVE-2022-21867 | High
Windows Devices Human Interface | Windows Devices Human Interface Elevation of Privilege Vulnerability | CVE-2022-21868 | High
Windows Clipboard User Service | Clipboard User Service Elevation of Privilege Vulnerability | CVE-2022-21869 | High
Tablet Windows User Interface | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability | CVE-2022-21870 | High
Windows Diagnostic Hub | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability | CVE-2022-21871 | High
Windows Event Tracing | Windows Event Tracing Elevation of Privilege Vulnerability | CVE-2022-21872 | High
Windows Tile Data Repository | Tile Data Repository Elevation of Privilege Vulnerability | CVE-2022-21873 | High
Windows Storage | Windows Storage Elevation of Privilege Vulnerability | CVE-2022-21875 | High
Windows Win32K | Win32k Information Disclosure Vulnerability | CVE-2022-21876 | High
Windows Storage Spaces Controller | Storage Spaces Controller Information Disclosure Vulnerability | CVE-2022-21877 | High
Windows Geolocation Service | Windows Geolocation Service Remote Code Execution Vulnerability | CVE-2022-21878 | High
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2022-21879 | High
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2022-21880 | High
Windows Kernel | Windows Kernel Elevation of Privilege Vulnerability | CVE-2022-21881 | High
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2022-21882 | High
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21883 | High
Windows Local Security Authority Subsystem Service | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability | CVE-2022-21884 | High
Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2022-21885 | High
Windows Win32K | Win32k Elevation of Privilege Vulnerability | CVE-2022-21887 | High
Windows Modern Execution Server | Windows Modern Execution Server Remote Code Execution Vulnerability | CVE-2022-21888 | High
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21889 | High
Windows IKE Extension | Windows IKE Extension Denial of Service Vulnerability | CVE-2022-21890 | High
Microsoft Dynamics | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | CVE-2022-21891 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21892 | High
Windows RDP | Remote Desktop Protocol Remote Code Execution Vulnerability | CVE-2022-21893 | High
Windows Secure Boot | Secure Boot Security Feature Bypass Vulnerability | CVE-2022-21894 | High
Windows User Profile Service | Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2022-21895 | High
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21896 | High
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-21897 | High
Windows UEFI | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability | CVE-2022-21899 | High
Role: Windows Hyper-V | Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2022-21900 | High
Role: Windows Hyper-V | Windows Hyper-V Elevation of Privilege Vulnerability | CVE-2022-21901 | High
Windows DWM Core Library | Windows DWM Core Library Elevation of Privilege Vulnerability | CVE-2022-21902 | High
Microsoft Graphics Component | Windows GDI Elevation of Privilege Vulnerability | CVE-2022-21903 | High
Microsoft Graphics Component | Windows GDI Information Disclosure Vulnerability | CVE-2022-21904 | High
Role: Windows Hyper-V | Windows Hyper-V Security Feature Bypass Vulnerability | CVE-2022-21905 | High
Windows Defender | Windows Defender Application Control Security Feature Bypass Vulnerability | CVE-2022-21906 | High
Windows Installer | Windows Installer Elevation of Privilege Vulnerability | CVE-2022-21908 | High
Windows Cluster Port Driver | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability | CVE-2022-21910 | High
.NET Framework and ASP.NET | .NET Framework and ASP.NET Denial of Service Vulnerability | CVE-2022-21911 | High
Windows Local Security Authority | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass | CVE-2022-21913 | High
Windows Remote Access Connection Manager | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | CVE-2022-21914 | High
Microsoft Graphics Component | Windows GDI+ Information Disclosure Vulnerability | CVE-2022-21915 | High
Windows Common Log File System Driver | Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2022-21916 | High
Windows DirectX | DirectX Graphics Kernel File Denial of Service Vulnerability | CVE-2022-21918 | High
Windows Kerberos | Windows Kerberos Elevation of Privilege Vulnerability | CVE-2022-21920 | High
Windows Defender | Windows Defender Credential Guard Security Feature Bypass Vulnerability | CVE-2022-21921 | High
Windows Remote Procedure Call Runtime | Remote Procedure Call Runtime Remote Code Execution Vulnerability | CVE-2022-21922 | High
Windows Workstation Service Remote Protocol | Workstation Service Remote Protocol Security Feature Bypass Vulnerability | CVE-2022-21924 | High
Windows BackupKey Remote Protocol | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability | CVE-2022-21925 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21928 | High
Microsoft Dynamics | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | CVE-2022-21932 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21958 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21959 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21960 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21961 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21962 | High
Windows Resilient File System (ReFS) | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability | CVE-2022-21963 | High
Windows Remote Desktop | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | CVE-2022-21964 | High
Microsoft Exchange Server | Microsoft Exchange Server Remote Code Execution Vulnerability | CVE-2022-21969 | High