Skip to main content

Microsoft Patch Tuesday: A ‘Unusually Large Patch Release

Table of Contents

Application Security, Governance & Risk Management, Incident & Breach Response.

122 CVEs, including 96 New, 9 Critical, and 6 Zero-Days Prajeet Nair (@prajeetspeaks). * January 12, 2022, Microsoft Patch Wednesday: An ‘Unusually Large’ Patch Release.

Microsoft released Tuesday its first rollout of 2022 patches. It covers 96 CVEs plus 24 CVEs that were patched earlier in the month by Microsoft Edge (Chromium-based), and two CVEs that were previously fixed in open-source projects. There are now 122 CVEs in January. Nine of these CVEs are considered critical in severity while 89 are important. Six are also zero-day vulnerabilities.

The Toll of Identity Sprawl in the Complex Enterprise

“This is a very large update for January. Dustin Childs, Zero Day Initiative’s Dustin Childs, says that over the past few years the average January patch release has been about half as many.

Tuesday’s update addresses privilege escalation flaws and remote code execution exploits. It also fixes spoofing issues and information disclosure vulnerabilities in Microsoft Windows, Windows Components and Microsoft Edge (Chromium-based), Exchange Server, and Microsoft Office and Office Components.

Microsoft released a workaround earlier this month to correct a fatal error in email delivery that was caused by a date check failure due to the change of the years to 2022. (see: Microsoft Exchange Fixes the Disruptive “Y2K22” Bug).

Log4j – Stress Relief

Bharat Jogi is Qualys’ director of vulnerability research and threat analysis. He says Microsoft’s monster Patch Tuesday occurs during chaos in the security sector as professionals work overtime on Log4Shell (or the Apache Log4j vulnerability) which is reportedly one of the most serious vulnerabilities in recent decades.

Jogi tells ISMG that unpredictable events like Log4Shell can add stress to security professionals who have to deal with these outbreaks. This makes it imperative to keep an automated inventory of all items used by organizations in their environment. Security professionals should automate the deployment of patches for events according to a set schedule, such as MSFT Patch Tuesday. This will allow them to focus on responding to unpredictable events efficiently.

Notable Vulnerabilities CVE-2022-21907

CVE-2022-21907 is a remote code execution vulnerability in the HTTP protocol stack. It has a CVSS score of 9.8 out of 10. An attacker could use this bug to execute code on affected systems by sending specially crafted packets. This vulnerability is available to all systems that utilize the HTTP Protocol Stack (http.Sys).

“A wormable bug is one that requires no user interaction, does not require privileges, and has an elevated service. This bug is more server-centric than usual, but Windows clients can run HTTP.Sys as well, so it affects all versions. Childs states that the patch can be quickly deployed and tested.

“Kev Breen, Immersive Labs’ director of cyber threat analysis, says that wormable nature has been labeled as more likely to exploit. Breen claims that Windows Server 2019 and Windows 10 Version 1809 are not automatically vulnerable. They require a registry key to make them vulnerable.

Breen says that, if the affected version is not available for patching immediately, the Microsoft advisory can be used to apply the mitigation. He advises that you always verify the potential impact on any business-critical applications before applying mitigation.

Chris Morgan, senior analyst in cyberthreat intelligence at Digital Shadows, said that this vulnerability is alarming, but there are no working proofs or exploitable wild evidence. He says that it should be addressed as a top priority.

CVE-2022-21907 & CVE-2022-21840

CVE-2022-21907 is the most serious vulnerability, according to Rapid7’s product manager Greg Wiseman. It affects the Windows HTTP protocol layer. Microsoft believes it is potentially wormable. However, similar vulnerabilities, such as CVE-2021-3166, have not been proven to be wormable.

Wiseman states that CVE-2022-21840 is a vulnerability in all versions of Microsoft Office and Sharepoint Server. He says that to exploit the vulnerability, one would need to use social engineering to get a victim to open an attachment or go to a malicious site. Fortunately, the Windows preview pane does not provide this opportunity.

Childs of Zero Day Initiative says that there are several patches to fix this bug unless your computer is running Office 2019 for Mac or Microsoft Office LTSC For Mac 2021. These versions have no patches. He says, “Let’s all hope Microsoft makes these patches available soon.”

RCE Vulnerabilities

 

CVE-2022-221846, CVE-2022-221855, and CVE-2022-221969 were all remote code execution vulnerabilities. Each received a CVSS score of 9/10. These vulnerabilities affect Microsoft Exchange Server. These vulnerabilities were discovered by three different researchers, including the National Security Agency.

Breen states that “An important caveat is that they’re listed as ‘network-adjacent,’ which means an attacker must have access to the local networks via an existing compromised host.” “Attacks to exploit this component would be part of the phases of the lateral movement, not the initial infection vector.”

He claims that this isn’t the first time Microsoft Exchange Server has been affected by exploits or patches. In fact, the Hafnium APT team used a number of exploits in January 2021.

Other vulnerabilities

DirectX Graphics are affected by CVE-2022-291912 and CVE-2022-2898. CVE-2022-21917 refers to a vulnerability in Windows Codecs Library. While most systems should be patched automatically, Wiseman states that some organizations may have the vulnerable codec installed on their gold images. This could disable Windows Store updates.

Zero-Days

Microsoft’s most recent patch release includes six zero-day vulnerabilities, which were publicly disclosed by Microsoft. These vulnerabilities are not currently being exploited.

CVE-2022-21919

CVE-2022-2191919 is a Windows user profile vulnerability that allows for the elevation of privilege. It affects Windows 7 as well as server 2008, and later Windows versions.

An analysis shared by ISMG shows that Tyler Reguly (manager of security research at Tripwire) said this vulnerability was a bypass for CVE-2021-34484 released by researcher Abdelhamid Naci (see Report: No Patch to Microsoft Privilege Escalation Zero Day).

“The bypass was first reported by the researcher on October 22. He shared links to proof of concept. Naceri claims that the initial fix to CDirectoryRemove only removed it based on the proof of concept. Reguly states that it did not fix the underlying problem.

CVE-2021-36976

CVE-2021-36976 describes a Libarchive remote execution vulnerability. It involves an issue in the libarchive program, which Windows uses. Reguly states that the vulnerability was discovered by OSS-Fuzz on March 2021, and reported to Microsoft in June 2021.

CVE-2022-21836

CVE-2022-21836, a Windows certificate spoofing vulnerability, was first reported by Eclypsium in a blog post on September 23, 2021.

This vulnerability could be exploited by using expired or revoked certificates, which could be used for bypassing binary verification in Windows Platform Binary Table.

“Microsoft has fixed a spoofing vulnerability that affected Windows Server 2008 and Windows 7 as well as server 2008, and later Windows OS versions,” says Chris Goetttt. He has also added the certificates to the Windows kernel block list, driver.Stl. “Certificates on the driver.Stl” will be blocked, even if they are present in the Windows Platform Binary Table,” Chris Goettl (Vice President of Product Management at Ivanti).

CVE-2022-21839

CVE-20222-21839 refers to a Windows event that traces discretionary access control lists, or DACL denial-of-service vulnerability. It affects Windows 10 1809, and Server 2019 versions.

Reguly explains that DACLs are access control lists that identify who can access Windows objects and if an object doesn’t have a DACL, it will give everyone access.

CVE-2022-21874

CVE-2022-21874 refers to a remote code execution vulnerability in the Windows Security Center API. This vulnerability affects Windows 10 and Server 2016 as well as later Windows OS versions. Reguly informs ISMG that the vulnerability is local and requires user interaction. However, it could lead to a complete compromise of confidentiality integrity, and availability.

CVE-2021-22947

CVE-2021-22947, an open-source vulnerability in remote code execution using curl, was first discovered in 2009. It was fixed in September 2021. This vulnerability affects Windows 10/Server 2019 and later Windows OS versions.

Reguly claims it’s a “man-in-the-middle” flaw. Traffic that isn’t protected by TLS can be infected by communication between client and server. This traffic will then be processed by curl as it came from TLS-protected connections.

more information : venmo

Comments

Popular posts from this blog

How To Delete All Reddit Comments

On the internet, Reddit is a fun place to be. On Delete All Reddit Comments, you may discover information and conversation on practically any topic. Reddit is known for helping people find what they’re looking for and expressing their opinions and ideas with others who share their interests. For many people on the internet, the website also serves as a daily newspaper. Reddit is based on the concept of posting and commenting. A user makes a post in the subreddit, and other users begin to discuss the topic in the comments. Abusive or improper information is an everyday occurrence when you become a part of such a large community. You will encounter people from various backgrounds and viewpoints, and as a result, many people have left such community platforms. If you want to leave Reddit and deactivate your account, keep in mind that your comments and posts will stay on the site. This is the policy of Reddit. Having said that, it’s crucial to clean up your account before deleting it, and

When will we see the return of One Piece Ex?

Over 20 years have passed since the first publication of the manga and anime series One Piece Ex, yet it hasn’t diminished the series’ continued popularity. In the series, Monkey D. Luffy and his crew go on exciting adventures in search of wealth while fending off other pirates. There is now an ongoing anime adaptation of the manga. Comic books in the manga style originate in Japan and are often drawn in black and white. Since they’re usually cheaper to make than their colored equivalents, more people can afford to see them. Over 150 million copies of One Piece Ex have been sold, making it one of the best-selling manga series of all time. It’s also an action game, a role-playing game, and a film series. Table of Contents Why Is One Piece Ex So Commonly Played? 1. D. Goku’s Luffy’s Mighty Force Some Background about the Manga Show Manga Ideas from Oda Sensei One Piece: Beyond the Movies When Should You Begin Reading the “One Piece Ex” Manga Series? One Piece’s Most Impo

Trezor.io/start | Trezor Login | Trezor Hardware Wallet

  Can you Buy or Sell Crypto Assets Through Trezor Live? Hey blockchain explorers! Have you ever heard that Trezor Wallet offers the facility to purchase or sell crypto assets? Well! If you are still in dilemma, here I am to spill the beans. Unlike various hardware wallets, Trezor Wallet offers an online software named Trezor Suite that enables Trezor customers to purchase or sell cryptocurrencies easily. Along with this, it also provides many more other needful trading- related services such as staking assets, exploring dApps, etc.  Hold on! Are you confused with Ledger Live and Trezor Suite? Well! It happens usually, so let me clarify this point first. Like Trezor hardware wallet, Ledger also provides an online platform to manage crypto assets which is known as Ledger Live. So, if you are searching for either Trezor Live or Ledger Suite, you may end up getting incorrect information. In this read, we will elaborate on the purchasing process through the  Trezor Wallet   application. So