Microsoft has launched its first Patch Tuesday of this new year 2022 with solutions for six publicly disclosed zero-day or zero-day vulnerabilities, although none of them have been actively exploited in attacks.
Redmond’s too fixes a total of 97 bugs in Windows, plus 29 vulnerabilities in your Microsoft Edge browser. Of the corrected bugs in their software, there were nine classified as critical and 88 as important.
Problems encountered that Microsoft fixed in this Patch Tuesday January they were classified like this:
41 Elevation of Privilege Vulnerabilities
9 Security Role Bypass Vulnerabilities
29 Remote Code Execution Vulnerabilities
6 Information disclosure vulnerabilities
9 Denial of service vulnerabilities
3 Impersonation vulnerabilities
‘Sgroogled.com’: When MICROSOFT Launched ANTI-GOOGLE Ads
What’s new for almost everything in Windows 10
The update arrives for different versions of Windows 10 and is associated with the KB5009543 patch. You can download it if you have Windows 10 May 2020 Update (2004), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1) and Windows 10 November 2021 Update (21H2) on your computer.
In addition, Microsoft has also announced a revamped notification system for its Security Update Guide. Arrives with standard email addresses which are now accepted at registration instead of just Live IDs.
It should be remembered that at the beginning of this month the company released an emergency fix for a bug affecting Exchange servers. Specifically, the MS Exchange antispam and antimalware engine (FIP-FS, activated by default in the installations of that platform since its version 2013) suffered an error when processing the date from midnight on December 31, 2021, so millions of emails were paralyzed on the servers, without forwarding to their recipients.
What were the Zero-day vulnerabilities
Regarding zero-day vulnerabilities, although according to Microsoft none of them have been actively exploited in attacks, as they were made public, could be exploiteds. Son:
CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
CVE-2022-21919 – Windows User Profile Service Elevation of Privilege vulnerability
CVE-2022-21836 – Windows Certificate Forgery Vulnerability
CVE-2022-21839 – Windows Discretionary Access Control List Denial of Service vulnerability
CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
Both the vulnerability of Curl like Libarchive’s had already been fixed, but the fixes were added to Windows now with the patch.