{"id":29975,"date":"2022-01-13T19:39:14","date_gmt":"2022-01-13T17:39:14","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/29975\/"},"modified":"2022-01-13T19:39:14","modified_gmt":"2022-01-13T17:39:14","slug":"microsoft-patches-about-a-hundred-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/29975\/","title":{"rendered":"Another year, another Tuesday"},"content":{"rendered":"<p>Microsoft started the year with a massive vulnerability fix, releasing not only its regular first-Tuesday update, which this time <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\" target=\"_blank\" rel=\"nofollow noopener\">covers a total of 96 vulnerabilities<\/a>, but also issuing a bunch of fixes for the Microsoft Edge browser (mainly related to the Chromium engine). That makes more than 120 vulnerabilities patched since the beginning of the year. This is a clear reason to update the operating system and some Microsoft applications as soon as possible.<\/p>\n<h2>Most severe vulnerabilities <\/h2>\n<p>Nine of the vulnerabilities that were closed this Tuesday have a critical rating on the CVSS 3.1 scale. Of those, two are related to <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">privilege escalation<\/a>: <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21833\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21833<\/a> in Virtual Machine IDE Drive and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21857\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21857<\/a> in Active Directory Domain Services. 
Exploitation of the other seven can give an attacker the <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-code-execution-rce\/\" target=\"_blank\" rel=\"noopener\">remote code execution<\/a> ability:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21917\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21917<\/a> in HEVC Video Extensions;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21912\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21912<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21898\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21898<\/a> in DirectX Graphics Kernel;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21846\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21846<\/a> in Microsoft Exchange Server;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21840\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21840<\/a> in Microsoft Office;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-22947\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2021-22947<\/a> in Open Source Curl;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21907\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21907<\/a> in HTTP Protocol Stack.<\/li>\n<\/ul>\n<p>The last one seems to be the most unpleasant vulnerability. A bug in the HTTP protocol stack theoretically allows attackers not only to make the affected computer execute arbitrary code, but also to spread the attack over the local network (according to Microsoft terminology, the vulnerability is classified as <em>wormable<\/em> \u2014 that is, it can be used to create a <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/worm\/\" target=\"_blank\" rel=\"noopener\">worm<\/a>). 
This vulnerability is relevant for Windows 10, Windows 11, Windows Server 2022, and Windows Server 2019. However, according to Microsoft, it\u2019s dangerous for users of Windows Server 2019 and Windows 10 version 1809 only if they enable HTTP Trailer Support using the EnableTrailerSupport key in the registry.<\/p>\n<p>Experts also expressed concern about the presence of another serious vulnerability in Microsoft Exchange Server \u2014 <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21846\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21846<\/a> (which, by the way, is not the only Exchange bug on the list, just the most dangerous). Their concern is totally understandable \u2014 no one wants a recurrence of last year\u2019s wave of exploited Exchange vulnerabilities.<\/p>\n<h2>Vulnerabilities with PoCs<\/h2>\n<p>Some of the fixed vulnerabilities were already known to the security community. Furthermore, someone has already published proofs of concept for them:<\/p>\n<ul>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21836\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21836<\/a> \u2014 Windows certificate spoofing vulnerability;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21839\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21839<\/a> \u2014 Windows event tracing discretionary access control list denial of service vulnerability;<\/li>\n<li><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-21919\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-21919<\/a> \u2014 Windows user profile service elevation of privilege vulnerability.<\/li>\n<\/ul>\n<p>We have not yet observed real attacks using these vulnerabilities. 
However, the proofs of concept are already public, so exploitation can begin at any time.<\/p>\n<h2>How to stay safe<\/h2>\n<p>First, you need to update your operating system (and other programs from Microsoft) as soon as possible. In general, it is wise not to delay installing patches for critical software.<\/p>\n<p>Second, any computer or server connected to the Internet must be equipped with a reliable <a href=\"https:\/\/www.kaspersky.co.za\/small-to-medium-business-security?icid=en-za_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security solution<\/a> capable not only of preventing the exploitation of known vulnerabilities, but also of detecting attacks with yet-unknown exploits.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial\">\n","protected":false},"excerpt":{"rendered":"<p>Microsoft patches more than 100 vulnerabilities in Windows 10 and 11, Windows Server 2019 and 2022, Exchange Server, Office, and Edge 
browser.<\/p>\n","protected":false},"author":2698,"featured_media":29976,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3020,3021,2670],"tags":[1343,2724,3446,38,268,113],"class_list":{"0":"post-29975","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"category-threats","11":"tag-0days","12":"tag-edge","13":"tag-exchange","14":"tag-microsoft","15":"tag-vulnerabilities","16":"tag-windows"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/29975\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/23840\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/19337\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/9695\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26072\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/24040\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26728\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/26321\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/32215\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/10458\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/43348\/"},{"hreflang":"f
r","url":"https:\/\/www.kaspersky.fr\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/18435\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/18816\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/microsoft-patches-about-a-hundred-vulnerabilities\/15695\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/27974\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/28027\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/microsoft-patches-about-a-hundred-vulnerabilities\/24784\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/microsoft-patches-about-a-hundred-vulnerabilities\/30185\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/29975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=29975"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/29975\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/29976"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=29975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=29975"},{"taxonomy":"post_tag","embeddable":true,"hr
ef":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=29975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}