
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0002
   Microsoft Patch Tuesday update for Microsoft Windows for January 2022
                              12 January 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Windows
                  Windows Server
                  Remote Desktop Client
                  HEVC Video Extensions
Operating System: Windows
Impact/Access:    Execute Arbitrary Code/Commands -- Remote/Unauthenticated      
                  Increased Privileges            -- Existing Account            
                  Denial of Service               -- Remote/Unauthenticated      
                  Access Confidential Data        -- Remote/Unauthenticated      
                  Provide Misleading Information  -- Existing Account            
                  Unauthorised Access             -- Remote with User Interaction
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-21964 CVE-2022-21963 CVE-2022-21962
                  CVE-2022-21961 CVE-2022-21960 CVE-2022-21959
                  CVE-2022-21958 CVE-2022-21928 CVE-2022-21925
                  CVE-2022-21924 CVE-2022-21922 CVE-2022-21921
                  CVE-2022-21920 CVE-2022-21919 CVE-2022-21918
                  CVE-2022-21917 CVE-2022-21916 CVE-2022-21915
                  CVE-2022-21914 CVE-2022-21913 CVE-2022-21912
                  CVE-2022-21910 CVE-2022-21908 CVE-2022-21907
                  CVE-2022-21906 CVE-2022-21905 CVE-2022-21904
                  CVE-2022-21903 CVE-2022-21902 CVE-2022-21901
                  CVE-2022-21900 CVE-2022-21899 CVE-2022-21898
                  CVE-2022-21897 CVE-2022-21896 CVE-2022-21895
                  CVE-2022-21894 CVE-2022-21893 CVE-2022-21892
                  CVE-2022-21890 CVE-2022-21889 CVE-2022-21888
                  CVE-2022-21887 CVE-2022-21885 CVE-2022-21884
                  CVE-2022-21883 CVE-2022-21882 CVE-2022-21881
                  CVE-2022-21880 CVE-2022-21879 CVE-2022-21878
                  CVE-2022-21877 CVE-2022-21876 CVE-2022-21875
                  CVE-2022-21874 CVE-2022-21873 CVE-2022-21872
                  CVE-2022-21871 CVE-2022-21870 CVE-2022-21869
                  CVE-2022-21868 CVE-2022-21867 CVE-2022-21866
                  CVE-2022-21865 CVE-2022-21864 CVE-2022-21863
                  CVE-2022-21862 CVE-2022-21861 CVE-2022-21860
                  CVE-2022-21859 CVE-2022-21858 CVE-2022-21857
                  CVE-2022-21852 CVE-2022-21851 CVE-2022-21850
                  CVE-2022-21849 CVE-2022-21848 CVE-2022-21847
                  CVE-2022-21843 CVE-2022-21839 CVE-2022-21838
                  CVE-2022-21836 CVE-2022-21835 CVE-2022-21834
                  CVE-2022-21833 CVE-2021-36976 CVE-2021-22947

Comment: Microsoft has warned that CVE-2022-21907 is wormable and recommends
         patching affected systems as a priority.

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of January 2022.
        
        This update resolves 87 vulnerabilities across the following
        products: [1]
        
         HEVC Video Extensions
         Remote Desktop client
         Windows 10
         Windows 11
         Windows 8.1
         Windows RT 8.1
         Windows Server
         Windows Server 2012
         Windows Server 2012 R2
         Windows Server 2016
         Windows Server 2019
         Windows Server 2022


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2021-22947  Remote Code Execution    Critical
         CVE-2021-36976  Remote Code Execution    Important
         CVE-2022-21833  Elevation of Privilege   Critical
         CVE-2022-21834  Elevation of Privilege   Important
         CVE-2022-21835  Elevation of Privilege   Important
         CVE-2022-21836  Spoofing                 Important
         CVE-2022-21838  Elevation of Privilege   Important
         CVE-2022-21839  Denial of Service        Important
         CVE-2022-21843  Denial of Service        Important
         CVE-2022-21847  Denial of Service        Important
         CVE-2022-21848  Denial of Service        Important
         CVE-2022-21849  Remote Code Execution    Important
         CVE-2022-21850  Remote Code Execution    Important
         CVE-2022-21851  Remote Code Execution    Important
         CVE-2022-21852  Elevation of Privilege   Important
         CVE-2022-21857  Elevation of Privilege   Critical
         CVE-2022-21858  Elevation of Privilege   Important
         CVE-2022-21859  Elevation of Privilege   Important
         CVE-2022-21860  Elevation of Privilege   Important
         CVE-2022-21861  Elevation of Privilege   Important
         CVE-2022-21862  Elevation of Privilege   Important
         CVE-2022-21863  Elevation of Privilege   Important
         CVE-2022-21864  Elevation of Privilege   Important
         CVE-2022-21865  Elevation of Privilege   Important
         CVE-2022-21866  Elevation of Privilege   Important
         CVE-2022-21867  Elevation of Privilege   Important
         CVE-2022-21868  Elevation of Privilege   Important
         CVE-2022-21869  Elevation of Privilege   Important
         CVE-2022-21870  Elevation of Privilege   Important
         CVE-2022-21871  Elevation of Privilege   Important
         CVE-2022-21872  Elevation of Privilege   Important
         CVE-2022-21873  Elevation of Privilege   Important
         CVE-2022-21874  Remote Code Execution    Important
         CVE-2022-21875  Elevation of Privilege   Important
         CVE-2022-21876  Information Disclosure   Important
         CVE-2022-21877  Information Disclosure   Important
         CVE-2022-21878  Remote Code Execution    Important
         CVE-2022-21879  Elevation of Privilege   Important
         CVE-2022-21880  Information Disclosure   Important
         CVE-2022-21881  Elevation of Privilege   Important
         CVE-2022-21882  Elevation of Privilege   Important
         CVE-2022-21883  Denial of Service        Important
         CVE-2022-21884  Elevation of Privilege   Important
         CVE-2022-21885  Elevation of Privilege   Important
         CVE-2022-21887  Elevation of Privilege   Important
         CVE-2022-21888  Remote Code Execution    Important
         CVE-2022-21889  Denial of Service        Important
         CVE-2022-21890  Denial of Service        Important
         CVE-2022-21892  Remote Code Execution    Important
         CVE-2022-21893  Remote Code Execution    Important
         CVE-2022-21894  Security Feature Bypass  Important
         CVE-2022-21895  Elevation of Privilege   Important
         CVE-2022-21896  Elevation of Privilege   Important
         CVE-2022-21897  Elevation of Privilege   Important
         CVE-2022-21898  Remote Code Execution    Critical
         CVE-2022-21899  Security Feature Bypass  Important
         CVE-2022-21900  Security Feature Bypass  Important
         CVE-2022-21901  Elevation of Privilege   Important
         CVE-2022-21902  Elevation of Privilege   Important
         CVE-2022-21903  Elevation of Privilege   Important
         CVE-2022-21904  Information Disclosure   Important
         CVE-2022-21905  Security Feature Bypass  Important
         CVE-2022-21906  Security Feature Bypass  Important
         CVE-2022-21907  Remote Code Execution    Critical
         CVE-2022-21908  Elevation of Privilege   Important
         CVE-2022-21910  Elevation of Privilege   Important
         CVE-2022-21912  Remote Code Execution    Critical
         CVE-2022-21913  Security Feature Bypass  Important
         CVE-2022-21914  Elevation of Privilege   Important
         CVE-2022-21915  Information Disclosure   Important
         CVE-2022-21916  Elevation of Privilege   Important
         CVE-2022-21917  Remote Code Execution    Critical
         CVE-2022-21918  Denial of Service        Important
         CVE-2022-21919  Elevation of Privilege   Important
         CVE-2022-21920  Elevation of Privilege   Important
         CVE-2022-21921  Security Feature Bypass  Important
         CVE-2022-21922  Remote Code Execution    Important
         CVE-2022-21924  Security Feature Bypass  Important
         CVE-2022-21925  Security Feature Bypass  Important
         CVE-2022-21928  Remote Code Execution    Important
         CVE-2022-21958  Remote Code Execution    Important
         CVE-2022-21959  Remote Code Execution    Important
         CVE-2022-21960  Remote Code Execution    Important
         CVE-2022-21961  Remote Code Execution    Important
         CVE-2022-21962  Remote Code Execution    Important
         CVE-2022-21963  Remote Code Execution    Important
         CVE-2022-21964  Information Disclosure   Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles: [1]
        
         KB5009543, KB5009545, KB5009546, KB5009555, KB5009557
         KB5009566, KB5009585, KB5009586, KB5009595, KB5009619
         KB5009624


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================