Status
Not open for further replies.

We are opening this thread on the following Threat Report. Please post all related discussions and recommendations to this thread.

Severity: High
TLP: Green
First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Tags
  1. Critical CVE
First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Summary:

“Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-days publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP)” (TheHackerNews, 2021).

Analyst Comments:
Chief among them is CVE-2022-21907 (CVSS score: 9.8), a remote code execution vulnerability in the HTTP Protocol Stack (http.sys). In most situations, an unauthenticated attacker could exploit it by sending a specially crafted packet to a targeted server that relies on http.sys to process HTTP requests; no user interaction is needed, which is what makes the bug potentially wormable.

Microsoft also resolved six zero-days as part of its Patch Tuesday update, two of which incorporate third-party fixes for the open-source libraries curl and libarchive.
  • CVE-2021-22947 (CVSS score: N/A) – Open-Source curl Remote Code Execution Vulnerability
  • CVE-2021-36976 (CVSS score: N/A) – Open-source libarchive Remote Code Execution Vulnerability
  • CVE-2022-21836 (CVSS score: 7.8) – Windows Certificate Spoofing Vulnerability
  • CVE-2022-21839 (CVSS score: 6.1) – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  • CVE-2022-21874 (CVSS score: 7.8) – Windows Security Center API Remote Code Execution Vulnerability
  • CVE-2022-21919 (CVSS score: 7.0) – Windows User Profile Service Elevation of Privilege Vulnerability
Mitigation:
Apply the January 2022 Microsoft security updates. Security updates have also been released by other vendors to rectify several vulnerabilities, including:
  • Adobe
  • Android
  • Cisco
  • Citrix
  • Google Chrome
  • Linux distributions Oracle Linux, Red Hat, and SUSE
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • Samba
  • SAP
  • Schneider Electric
  • Siemens
  • VMware, and
  • WordPress
Source:
https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html

Mark Saner
Jul 26, 2021
So reports are starting to come out that KB5009557, the patch to resolve these issues, is starting to cause problems on Hyper-V Servers, Domain Controllers, and systems with ReFS volumes.

I'd be interested in knowing what people are planning for their patch scheduling. We have a number of systems running ReFS and several domain controllers and I'm hesitant to apply this patch.
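An added example, not part of the thread or of any poster's code, that turns the Mitigation section and Mark's staging concern into a quick inventory: it reports whether KB5009557 is installed, whether http.sys is running and which ports the System process is listening on (that is where http.sys listeners appear), and flags the three categories Mark named (domain controller, Hyper-V role, ReFS volumes) so those hosts can be staged last. It assumes an elevated Windows PowerShell session on Windows Server or Windows 10; the function and variable names are my own.

```powershell
# Added example (not from the thread). Assumes an elevated Windows PowerShell
# session. Get-WindowsFeature comes from the ServerManager module and exists
# only on Windows Server, so the Hyper-V check is skipped where it is absent.

$KB = 'KB5009557'   # January 2022 cumulative update named in the thread

function Get-PatchStagingReport {
    param([string]$HotFixId = $KB)

    # 1. Is the fix already installed on this host?
    $installed = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)

    # 2. Is http.sys in use? HTTP is a kernel driver, so query Win32_SystemDriver
    #    rather than Get-Service. IIS, WinRM and WSUS all sit on top of it.
    $httpDriver  = Get-CimInstance Win32_SystemDriver -Filter "Name='HTTP'"
    $httpRunning = $httpDriver -and $httpDriver.State -eq 'Running'

    # http.sys listeners are owned by the System process (PID 4). SMB (139/445)
    # also shows up under PID 4, so treat the list as a pointer, not proof.
    $systemPorts = @(Get-NetTCPConnection -State Listen -OwningProcess 4 -ErrorAction SilentlyContinue |
                     Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)

    # 3. Risk flags reported in the thread for the initial release of the patch.
    #    DomainRole 4 = backup domain controller, 5 = primary domain controller.
    $isDc = (Get-CimInstance Win32_ComputerSystem).DomainRole -in 4, 5

    $hyperV = $false
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $hyperV = [bool](Get-WindowsFeature -Name Hyper-V).Installed
    }

    $refsVolumes = @(Get-Volume | Where-Object FileSystemType -eq 'ReFS' |
                     ForEach-Object { if ($_.DriveLetter) { "$($_.DriveLetter):" } else { $_.Path } })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        PatchInstalled     = $installed
        HttpSysRunning     = $httpRunning
        SystemListenPorts  = ($systemPorts -join ',')
        IsDomainController = $isDc
        HyperVRole         = $hyperV
        ReFSVolumes        = ($refsVolumes -join ',')
        # Hosts with any of the three flags go into the last patch ring.
        StageLast          = ($isDc -or $hyperV -or $refsVolumes.Count -gt 0)
    }
}

Get-PatchStagingReport | Format-List
```

Run it through Invoke-Command against a list of servers and export the objects to CSV to build the patch rings: hosts with PatchInstalled false and HttpSysRunning true are the exposure you care about for CVE-2022-21907, and StageLast separates the Hyper-V, DC and ReFS hosts that the thread reports as the ones hitting problems with the initial release.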
Hi @Mark Saner I have seen numerous public and private posts about boot loops with the initial patches. I believe this may be resolved now, but not 100% certain on that. Hopefully others will chime in as well.

MJ