2022-01 Microsoft vulnerability notification

Microsoft officially released 2022 year 01 Monthly security update . This month's update announced 126 A loophole , contain 32 Remote Code Execution Vulnerability 、43 A privilege escalation vulnerability 、6 An information leak 、3 An identity counterfeiting vulnerability 、9 A denial of Service Vulnerability and 9 Security feature bypass vulnerability . among 9 The vulnerability level is “Critical”（ High-risk ）,92 A for “Important”（ serious ）. Users are advised to use the tinder safety software in time （ personal / Enterprises ）【 Bug repair 】 Feature update patch .

01

Involved components

.NET Framework

Microsoft Dynamics

Microsoft Edge (Chromium-based)

Microsoft Exchange Server

Microsoft Graphics Component

Microsoft Office

Microsoft Office Excel

Microsoft Office SharePoint

Microsoft Office Word

Microsoft Teams

Microsoft Windows Codecs Library

Open Source Software

Role: Windows Hyper-V

Tablet Windows User Interface

Windows Account Control

Windows Active Directory

Windows AppContracts API Server

Windows Application Model

Windows BackupKey Remote Protocol

Windows Bind Filter Driver

Windows Certificates

Windows Cleanup Manager

Windows Clipboard User Service

Windows Cluster Port Driver

Windows Common Log File System Driver

Windows Connected Devices Platform Service

Windows Cryptographic Services

Windows Defender

Windows Devices Human Interface

Windows Diagnostic Hub

Windows DirectX

Windows DWM Core Library

Windows Event Tracing

Windows Geolocation Service

Windows HTTP Protocol Stack

Windows IKE Extension

Windows Installer

Windows Kerberos

Windows Kernel

Windows Libarchive

Windows Local Security Authority

Windows Local Security Authority Subsystem Service

Windows Modern Execution Server

Windows Push Notifications

Windows RDP

Windows Remote Access Connection Manager

Windows Remote Desktop

Windows Remote Procedure Call Runtime

Windows Resilient File System (ReFS)

Windows Secure Boot

Windows Security Center

Windows StateRepository API

Windows Storage

Windows Storage Spaces Controller

Windows System Launcher

Windows Task Flow Data Engine

Windows Tile Data Repository

Windows UEFI

Windows UI Immersive Server

Windows User Profile Service

Windows User-mode Driver Framework

Windows Virtual Machine IDE Drive

Windows Win32K

Windows Workstation Service Remote Protocol

（ Slide down to view ）

02

The following vulnerabilities require special attention

HTTP Protocol stack Remote Code Execution Vulnerability

CVE-2022-21907

Severity level ： High-risk CVSS：9.8

Utilized level ： It is likely to be used

scope ：Windows 10 1809、20H2、21H1、21H2、Windows 11、Windows Server 2019、2022、Windows Server, version 20H2

This is a network 、 No user interaction required 、 Vulnerabilities that can be exploited without privileges . Unauthenticated attackers can take advantage of HTTP Protocol stack (http.sys) Send special packets to the target server to process packets for attack . This vulnerability belongs to worm level vulnerability , The user is recommended to repair it in time .

Existing in this month 3 individual Microsoft Exchange Server Loophole , Are remote code execution vulnerabilities . An attacker who successfully exploits this vulnerability can （Wifi、 bluetooth 、 LAN etc. ） Attack or spread the virus quickly .

Microsoft Exchange Server Remote code execution vulnerability

CVE-2022-21846/CVE-2022-21855/CVE-2022-21969

Severity level ： High-risk （ serious ） CVSS：9

Utilized level ： It is likely to be used

scope ：Exchange Server 2013-2019

Active Directory Domain services privilege escalation vulnerability

CVE-2022-21857

Severity level ： High-risk CVSS：8.8

Utilized level ： May be used

Specific to... With incoming trust Active Directory Privilege escalation vulnerability in domain service environment . An attacker can elevate privileges across trust boundaries under certain conditions . The virus can successfully use this vulnerability to move horizontally in the internal network .

Windows Certificate spoofing vulnerability

CVE-2022-21836

Severity level ： serious CVSS：7.8

Utilized level ： May be used

This is an identity counterfeiting vulnerability , An attacker can use a small number of compromised certificates to bypass WPBT Binary verification .

Microsoft Office APP Remote Code Execution Vulnerability

CVE-2022-21840

Severity level ： High-risk CVSS：8.8

Utilized level ： May be used

An attacker must create malicious Microsoft Office file , And use social engineering to entice users to open the document to exploit this vulnerability . Because this vulnerability exists in Microsoft Office Application , Therefore, the fix will be passed as part of the automatic update Microsoft Store distribution .‎

Other product vulnerabilities

This month, in addition to Microsoft's own product vulnerabilities , It also disclosed two vulnerabilities in the open source software used by Microsoft

Open source Curl Remote code execution vulnerability

CVE-2021-22947

Severity level ： High-risk

Utilized level ： May be used

Libarchive Remote code execution vulnerability

CVE-2021-36976

Severity level ： serious

Utilized level ： May be used

03

Repair suggestions

1、 Through the tinder Personal Edition / Enterprise Edition 【 Bug repair 】 Function fix vulnerability .

2、 Download the official patch from Microsoft

https://msrc.microsoft.com/update-guide

Complete Microsoft notice ：

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan