Status
Not open for further replies.

We are opening this thread on the following Threat Report. Please post all related discussions and recommendations to this thread.

Severity: High
TLP: Green
First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Tags
  1. Critical CVE

Summary:

“Of the 96 vulnerabilities, nine are rated Critical and 89 are rated Important in severity, with six zero-day publicly known at the time of the release. This is in addition to 29 issues patched in Microsoft Edge on January 6, 2022. None of the disclosed bugs are listed as under attack. The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server, .NET Framework, Microsoft Dynamics, Open-Source Software, Windows Hyper-V, Windows Defender, and Windows Remote Desktop Protocol (RDP), (TheHackerNews, 2021).”

Analyst Comments:
Chief among them is CVE-2022-21907 (CVSS score: 9.8), a remote code execution vulnerability rooted in the HTTP Protocol Stack. In most situations, an unauthenticated attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack (http.sys) to process packets.

Microsoft also resolved six zero-days as part of its Patch Tuesday update, two of which are an integration of third-party fixes concerning the open-source libraries curl and libarchive.
  • CVE-2021-22947 (CVSS score: N/A) – Open-Source curl Remote Code Execution Vulnerability
  • CVE-2021-36976 (CVSS score: N/A) – Open-source libarchive Remote Code Execution Vulnerability
  • CVE-2022-21836 (CVSS score: 7.8) – Windows Certificate Spoofing Vulnerability
  • CVE-2022-21839 (CVSS score: 6.1) – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  • CVE-2022-21874 (CVSS score: 7.8) – Windows Security Center API Remote Code Execution Vulnerability
  • CVE-2022-21919 (CVSS score: 7.0) – Windows User Profile Service Elevation
Mitigation:
Security updates have also been released by other vendors to rectify several vulnerabilities, including —
  • Adobe
  • Android
  • Cisco
  • Citrix
  • Google Chrome
  • Linux distributions Oracle Linux, Red Hat, and SUSE
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • Samba
  • SAP
  • Schneider Electric
  • Siemens
  • VMware, and
  • WordPress
Source:
https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html
 

Mark Saner

So reports are starting to come out that KB5009557, the patch to resolve these issues, is starting to cause problems on Hyper-V Servers, Domain Controllers, and systems with ReFS volumes.

I'd be interested in knowing what people are planning for their patch scheduling. We have a number of systems running ReFS and several domain controllers and I'm hesitant to apply this patch.
 
Hi @Mark Saner, I have seen numerous public and private posts about boot loops with the initial patches. I believe this may be resolved now, but not 100% certain on that. Hopefully others will chime in as well.

MJ
 
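For the patch-scheduling question raised in the thread, a local triage check can sort hosts into the three classes the reports mention (Hyper-V servers, domain controllers, systems with ReFS volumes) and show whether KB5009557 is already installed. This is an added example, not posted by any thread participant; the function name `Get-PatchRiskProfile` and the `PilotFirst`/`StandardRing` labels are hypothetical.

```powershell
# Added example: pre-patch triage for the host classes named in this thread.
# Run locally in an elevated PowerShell session on the server being assessed.

function Get-PatchRiskProfile {
    param(
        # Update ID taken from the thread
        [string]$HotFixId = 'KB5009557'
    )

    # Is the update already present? Errors are suppressed when it is not found.
    $installed = [bool](Get-HotFix -Id $HotFixId -ErrorAction SilentlyContinue)

    # Win32_ComputerSystem.DomainRole: 4 = backup DC, 5 = primary DC.
    $domainRole = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole
    $isDc = $domainRole -ge 4

    # The Hyper-V Virtual Machine Management service (vmms) is only
    # registered when the Hyper-V role is installed.
    $isHyperV = [bool](Get-Service -Name vmms -ErrorAction SilentlyContinue)

    # Volumes formatted with ReFS, with or without a drive letter.
    $refsVolumes = @(Get-Volume | Where-Object { $_.FileSystem -eq 'ReFS' })

    # Collect every class from the thread that applies to this host.
    $classes = @()
    if ($isDc)               { $classes += 'DomainController' }
    if ($isHyperV)           { $classes += 'HyperVHost' }
    if ($refsVolumes.Count)  { $classes += "ReFS($($refsVolumes.Count) volume(s))" }

    # Hypothetical rollout labels: hosts in a reported class are patched
    # in a pilot group first, everything else follows the normal ring.
    $ring = if ($classes.Count -gt 0) { 'PilotFirst' } else { 'StandardRing' }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        HotFixId        = $HotFixId
        Installed       = $installed
        ReportedClasses = $classes -join ', '
        SuggestedRing   = $ring
    }
}

Get-PatchRiskProfile | Format-List
```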