Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing

        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing

        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing

        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing

        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training

        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing

        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review

        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention

        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise

        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle

        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

I'VE BEEN BREACHED

Microsoft January 2022 Patch Tuesday Fixes 6 Zero-days, 97 Flaws

Microsoft January 2022 Patch Tuesday Fixes 6 Zero-days, 97 Flaws

Today is Microsoft’s January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws.

Also Read: 6 Ways to Protect Your Business From Employee Data Theft

Microsoft has fixed 97 vulnerabilities (not including 29 Microsoft Edge vulnerabilities ) with today’s update, with nine classified as Critical and 88 as Important.

The number of each type of vulnerability is listed below:

  • 41 Elevation of Privilege Vulnerabilities
  • 9 Security Feature Bypass Vulnerabilities
  • 29 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 9 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

Six zero-days fixed, none actively exploited

This month’s Patch Tuesday includes fixes for six publicly disclosed zero-day vulnerabilities. The good news is that none of them have been actively exploited in attacks.

Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.

The publicly disclosed vulnerabilities fixes as part of the December 2021 Patch Tuesday are:

  • CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
  • CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
  • CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
  • CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
  • CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
  • CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability

Both the Curl and Libarchive vulnerabilities had already been fixed by their maintainers but the fixes were not added to Windows until today.

However, as many of these have public proof-of-concept exploits available, they will likely be exploited by threat actors soon.

Recent updates from other companies

Other vendors who released updates in January 2022 include:

The January 2022 Patch Tuesday Security Updates

Below is the complete list of resolved vulnerabilities and released advisories in the January 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.

Also Read: The 6 Types of Shredder Security Levels: Advantage Business Equipment

TagCVE IDCVE TitleSeverity
.NET FrameworkCVE-2022-21911.NET Framework Denial of Service VulnerabilityImportant
Microsoft DynamicsCVE-2022-21932Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting VulnerabilityImportant
Microsoft DynamicsCVE-2022-21891Microsoft Dynamics 365 (on-premises) Spoofing VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0105Chromium: CVE-2022-0105 Use after free in PDFUnknown
Microsoft Edge (Chromium-based)CVE-2022-0102Chromium: CVE-2022-0102 Type Confusion in V8Unknown
Microsoft Edge (Chromium-based)CVE-2022-0104Chromium: CVE-2022-0104 Heap buffer overflow in ANGLEUnknown
Microsoft Edge (Chromium-based)CVE-2022-0101Chromium: CVE-2022-0101 Heap buffer overflow in BookmarksUnknown
Microsoft Edge (Chromium-based)CVE-2022-0103Chromium: CVE-2022-0103 Use after free in SwiftShaderUnknown
Microsoft Edge (Chromium-based)CVE-2022-0109Chromium: CVE-2022-0109 Inappropriate implementation in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2022-0110Chromium: CVE-2022-0110 Incorrect security UI in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2022-0108Chromium: CVE-2022-0108 Inappropriate implementation in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2022-0106Chromium: CVE-2022-0106 Use after free in AutofillUnknown
Microsoft Edge (Chromium-based)CVE-2022-0107Chromium: CVE-2022-0107 Use after free in File Manager APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-21954Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-21970Microsoft Edge (Chromium-based) Elevation of Privilege VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-21931Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-21929Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityModerate
Microsoft Edge (Chromium-based)CVE-2022-21930Microsoft Edge (Chromium-based) Remote Code Execution VulnerabilityImportant
Microsoft Edge (Chromium-based)CVE-2022-0099Chromium: CVE-2022-0099 Use after free in Sign-inUnknown
Microsoft Edge (Chromium-based)CVE-2022-0100Chromium: CVE-2022-0100 Heap buffer overflow in Media streams APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-0098Chromium: CVE-2022-0098 Use after free in Screen CaptureUnknown
Microsoft Edge (Chromium-based)CVE-2022-0096Chromium: CVE-2022-0096 Use after free in StorageUnknown
Microsoft Edge (Chromium-based)CVE-2022-0097Chromium: CVE-2022-0097 Inappropriate implementation in DevToolsUnknown
Microsoft Edge (Chromium-based)CVE-2022-0116Chromium: CVE-2022-0116 Inappropriate implementation in CompositingUnknown
Microsoft Edge (Chromium-based)CVE-2022-0117Chromium: CVE-2022-0117 Policy bypass in Service WorkersUnknown
Microsoft Edge (Chromium-based)CVE-2022-0115Chromium: CVE-2022-0115 Uninitialized Use in File APIUnknown
Microsoft Edge (Chromium-based)CVE-2022-0113Chromium: CVE-2022-0113 Inappropriate implementation in BlinkUnknown
Microsoft Edge (Chromium-based)CVE-2022-0114Chromium: CVE-2022-0114 Out of bounds memory access in Web SerialUnknown
Microsoft Edge (Chromium-based)CVE-2022-0118Chromium: CVE-2022-0118 Inappropriate implementation in WebShareUnknown
Microsoft Edge (Chromium-based)CVE-2022-0111Chromium: CVE-2022-0111 Inappropriate implementation in NavigationUnknown
Microsoft Edge (Chromium-based)CVE-2022-0112Chromium: CVE-2022-0112 Incorrect security UI in Browser UIUnknown
Microsoft Edge (Chromium-based)CVE-2022-0120Chromium: CVE-2022-0120 Inappropriate implementation in PasswordsUnknown
Microsoft Exchange ServerCVE-2022-21969Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Exchange ServerCVE-2022-21846Microsoft Exchange Server Remote Code Execution VulnerabilityCritical
Microsoft Exchange ServerCVE-2022-21855Microsoft Exchange Server Remote Code Execution VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-21904Windows GDI Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-21903Windows GDI Elevation of Privilege VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-21915Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft Graphics ComponentCVE-2022-21880Windows GDI+ Information Disclosure VulnerabilityImportant
Microsoft OfficeCVE-2022-21840Microsoft Office Remote Code Execution VulnerabilityCritical
Microsoft Office ExcelCVE-2022-21841Microsoft Excel Remote Code Execution VulnerabilityImportant
Microsoft Office SharePointCVE-2022-21837Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
Microsoft Office WordCVE-2022-21842Microsoft Word Remote Code Execution VulnerabilityImportant
Microsoft Windows Codecs LibraryCVE-2022-21917HEVC Video Extensions Remote Code Execution VulnerabilityCritical
Open Source SoftwareCVE-2021-22947Open Source Curl Remote Code Execution VulnerabilityCritical
Role: Windows Hyper-VCVE-2022-21901Windows Hyper-V Elevation of Privilege VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21900Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21905Windows Hyper-V Security Feature Bypass VulnerabilityImportant
Role: Windows Hyper-VCVE-2022-21847Windows Hyper-V Denial of Service VulnerabilityImportant
Tablet Windows User InterfaceCVE-2022-21870Tablet Windows User Interface Application Core Elevation of Privilege VulnerabilityImportant
Windows Account ControlCVE-2022-21859Windows Accounts Control Elevation of Privilege VulnerabilityImportant
Windows Active DirectoryCVE-2022-21857Active Directory Domain Services Elevation of Privilege VulnerabilityCritical
Windows AppContracts API ServerCVE-2022-21860Windows AppContracts API Server Elevation of Privilege VulnerabilityImportant
Windows Application ModelCVE-2022-21862Windows Application Model Core API Elevation of Privilege VulnerabilityImportant
Windows BackupKey Remote ProtocolCVE-2022-21925Windows BackupKey Remote Protocol Security Feature Bypass VulnerabilityImportant
Windows Bind Filter DriverCVE-2022-21858Windows Bind Filter Driver Elevation of Privilege VulnerabilityImportant
Windows CertificatesCVE-2022-21836Windows Certificate Spoofing VulnerabilityImportant
Windows Cleanup ManagerCVE-2022-21838Windows Cleanup Manager Elevation of Privilege VulnerabilityImportant
Windows Clipboard User ServiceCVE-2022-21869Clipboard User Service Elevation of Privilege VulnerabilityImportant
Windows Cluster Port DriverCVE-2022-21910Microsoft Cluster Port Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21897Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Common Log File System DriverCVE-2022-21916Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
Windows Connected Devices Platform ServiceCVE-2022-21865Connected Devices Platform Service Elevation of Privilege VulnerabilityImportant
Windows Cryptographic ServicesCVE-2022-21835Microsoft Cryptographic Services Elevation of Privilege VulnerabilityImportant
Windows DefenderCVE-2022-21921Windows Defender Credential Guard Security Feature Bypass VulnerabilityImportant
Windows DefenderCVE-2022-21906Windows Defender Application Control Security Feature Bypass VulnerabilityImportant
Windows Devices Human InterfaceCVE-2022-21868Windows Devices Human Interface Elevation of Privilege VulnerabilityImportant
Windows Diagnostic HubCVE-2022-21871Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege VulnerabilityImportant
Windows DirectXCVE-2022-21898DirectX Graphics Kernel Remote Code Execution VulnerabilityCritical
Windows DirectXCVE-2022-21918DirectX Graphics Kernel File Denial of Service VulnerabilityImportant
Windows DirectXCVE-2022-21912DirectX Graphics Kernel Remote Code Execution VulnerabilityCritical
Windows DWM Core LibraryCVE-2022-21852Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21902Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows DWM Core LibraryCVE-2022-21896Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2022-21872Windows Event Tracing Elevation of Privilege VulnerabilityImportant
Windows Event TracingCVE-2022-21839Windows Event Tracing Discretionary Access Control List Denial of Service VulnerabilityImportant
Windows Geolocation ServiceCVE-2022-21878Windows Geolocation Service Remote Code Execution VulnerabilityImportant
Windows HTTP Protocol StackCVE-2022-21907HTTP Protocol Stack Remote Code Execution VulnerabilityCritical
Windows IKE ExtensionCVE-2022-21843Windows IKE Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-21890Windows IKE Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-21883Windows IKE Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-21889Windows IKE Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-21848Windows IKE Extension Denial of Service VulnerabilityImportant
Windows IKE ExtensionCVE-2022-21849Windows IKE Extension Remote Code Execution VulnerabilityImportant
Windows InstallerCVE-2022-21908Windows Installer Elevation of Privilege VulnerabilityImportant
Windows KerberosCVE-2022-21920Windows Kerberos Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21881Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows KernelCVE-2022-21879Windows Kernel Elevation of Privilege VulnerabilityImportant
Windows LibarchiveCVE-2021-36976Libarchive Remote Code Execution VulnerabilityImportant
Windows Local Security AuthorityCVE-2022-21913Local Security Authority (Domain Policy) Remote Protocol Security Feature BypassImportant
Windows Local Security Authority Subsystem ServiceCVE-2022-21884Local Security Authority Subsystem Service Elevation of Privilege VulnerabilityImportant
Windows Modern Execution ServerCVE-2022-21888Windows Modern Execution Server Remote Code Execution VulnerabilityImportant
Windows Push NotificationsCVE-2022-21867Windows Push Notifications Apps Elevation Of Privilege VulnerabilityImportant
Windows RDPCVE-2022-21851Remote Desktop Client Remote Code Execution VulnerabilityImportant
Windows RDPCVE-2022-21850Remote Desktop Client Remote Code Execution VulnerabilityImportant
Windows RDPCVE-2022-21893Remote Desktop Protocol Remote Code Execution VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21914Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote Access Connection ManagerCVE-2022-21885Windows Remote Access Connection Manager Elevation of Privilege VulnerabilityImportant
Windows Remote DesktopCVE-2022-21964Remote Desktop Licensing Diagnoser Information Disclosure VulnerabilityImportant
Windows Remote Procedure Call RuntimeCVE-2022-21922Remote Procedure Call Runtime Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21961Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21959Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21958Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21960Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21963Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21892Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21962Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Resilient File System (ReFS)CVE-2022-21928Windows Resilient File System (ReFS) Remote Code Execution VulnerabilityImportant
Windows Secure BootCVE-2022-21894Secure Boot Security Feature Bypass VulnerabilityImportant
Windows Security CenterCVE-2022-21874Windows Security Center API Remote Code Execution VulnerabilityImportant
Windows StateRepository APICVE-2022-21863Windows StateRepository API Server file Elevation of Privilege VulnerabilityImportant
Windows StorageCVE-2022-21875Windows Storage Elevation of Privilege VulnerabilityImportant
Windows Storage Spaces ControllerCVE-2022-21877Storage Spaces Controller Information Disclosure VulnerabilityImportant
Windows System LauncherCVE-2022-21866Windows System Launcher Elevation of Privilege VulnerabilityImportant
Windows Task Flow Data EngineCVE-2022-21861Task Flow Data Engine Elevation of Privilege VulnerabilityImportant
Windows Tile Data RepositoryCVE-2022-21873Tile Data Repository Elevation of Privilege VulnerabilityImportant
Windows UEFICVE-2022-21899Windows Extensible Firmware Interface Security Feature Bypass VulnerabilityImportant
Windows UI Immersive ServerCVE-2022-21864Windows UI Immersive Server API Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2022-21895Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows User Profile ServiceCVE-2022-21919Windows User Profile Service Elevation of Privilege VulnerabilityImportant
Windows User-mode Driver FrameworkCVE-2022-21834Windows User-mode Driver Framework Reflector Driver Elevation of Privilege VulnerabilityImportant
Windows Virtual Machine IDE DriveCVE-2022-21833Virtual Machine IDE Drive Elevation of Privilege VulnerabilityCritical
Windows Win32KCVE-2022-21882Win32k Elevation of Privilege VulnerabilityImportant
Windows Win32KCVE-2022-21876Win32k Information Disclosure VulnerabilityImportant
Windows Win32KCVE-2022-21887Win32k Elevation of Privilege VulnerabilityImportant
Windows Workstation Service Remote ProtocolCVE-2022-21924Workstation Service Remote Protocol Security Feature Bypass VulnerabilityImportant

0 Comments

Let us help you out.

Grab your free consultation NOW!

Privacy Ninja

Data Protection​

Cybersecurity

Support

Company

Locations

Singapore

7 Temasek Boulevard
#12-07, Suntec Tower One
Singapore 038987

Thailand

The Royal Place 1
2, 2/399 Mahatlek Luang 1 Alley, Lumphini, Pathum Wan, Bangkok 10330, Thailand



email-icon
Facebook Twitter Linkedin Youtube

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
TALK TO US
×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

× Chat with us