[German]On January 11, 2022 (second Tuesday of the month, Microsoft Patchday), Microsoft released several security-related updates for still-supported Microsoft Office versions and other products. RCE vulnerabilities will be closed again. For Microsoft Access, the bug from December 2021 is fixed according to reader feedback. Here is an overview of the available updates.
Advertising
General information
The updates apply to the installable MSI version of Office (the click-to-run packages obtain the updates through other channels). An overview of the updates can be found on this web page (and here for January). Details are documented in the linked KB articles. Office 2019 does not appear in the list because it is distributed via click-to-run packages and receives security updates via the Office Update feature.
As of patchday 11/1/2022, I have received feedback from readers that the December access bug (Access Lock Bug: Where the December 2021 Fixes Fail) has been fixed. But I don't know, which update (Office or Windows) is responsible.
Regarding the Outlook problem of search not finding mails (see here), a Windows update seems to fix it (see also this German comment).
According to ADV170021, the January 11, 2022 updates disable the Dynamic Data Exchange (DDE) protocol in all supported editions of Microsoft Word (see also Microsoft Excel security enhancements in the January 2022 update).
These security updates address the critical RCE vulnerability CVE-2022-21840 in Microsoft Office, , which allows remote code execution without additional privileges.
Office 2016
The following security updates have been released for Office 2016.
- Excel 2016: Description of the security update for Excel 2016: January 11, 2022 (KB5002114); This security update resolves RCE vulnerability CVE-2022-21840 in Microsoft Office.
- Office 2016: Description of the security update for Office 2016: January 11, 2022 (KB5002115); This security update resolves CVE-2022-21840.
- Office 2016: Description of the security update for Office 2016: January 11, 2022 (KB5002060); This security update resolves CVE-2022-21840.
- Office 2016: Description of the security update for Office 2016: January 11, 2022 (KB5002116); This security update resolves CVE-2022-21841.
- Office 2016: Description of the security update for Office 2016: January 11, 2022 (KB5002052); This security update resolves CVE-2022-21840.
- Word 2016: Description of the security update for Word 2016: January 11, 2022 (KB5002057); This security update resolves CVE-2022-21842.
Details about the Office updates can be found in the linked KB articles.
Office 2013
Office 2013 requires Service Pack 1 for Microsoft Office 2013 to be installed. The following security updates have been released. They address the same security vulnerabilities as Microsoft Office 2016.
- Excel 2013: Description of the security update for Excel 2013: January 11, 2022 (KB5002128)
- Office 2013: Description of the security update for Office 2013: January 11, 2022 (KB5002124)
- Office 2013: Description of the security update for Office 2013: January 11, 2022 (KB5002064)
- Office 2013: Description of the security update for Office 2013: January 11, 2022 (KB5002119)
- Office 2013: Description of the security update for Office 2013: January 11, 2022 (KB4462205)
Details about the Office updates can be found in the linked KB articles.
Advertising
More updates for Office/SharePoint Server
Microsoft has also released security updates for several versions of Microsoft SharePoint Server.
SharePoint Server Subscription Edition
- SharePoint Server Subscription Edition: Description of the security update for SharePoint Server Subscription Edition: January 11, 2022 (KB5002111)
- SharePoint Server Subscription Edition Language Pack: Description of the security update for SharePoint Server Subscription Edition Language Pack: January 11, 2022 (KB5002110)
SharePoint Server 2019
- Office Online Server: Description of the security update for Office Online Server: January 11, 2022 (KB5002107)
- SharePoint Server 2019: Description of the security update for SharePoint Server 2019: January 11, 2022 (KB5002109)
- SharePoint Server 2019 Language Pack: Description of the security update for SharePoint Server 2019 Language Pack: January 11, 2022 (KB5002108)
Microsoft SharePoint Server 2016
- SharePoint Enterprise Server 2016: Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 (KB5002113)
- SharePoint Enterprise Server 2016: Description of the security update for SharePoint Enterprise Server 2016: January 11, 2022 (KB5002118)
Microsoft SharePoint Server 2013
- Office Web Apps Server: Description of the security update for Office Web Apps Server 2013: January 11, 2022 (KB5002122)
- Project Server 2013: January 11, 2022, cumulative update for Project Server 2013 (KB5002125)
- Project Server 2013: January 11, 2022, update for Project Server 2013 (KB4484367)
- SharePoint Enterprise Server 2013: Description of the security update for SharePoint Enterprise Server 2013: January 11, 2022 (KB5001995)
- SharePoint Enterprise Server 2013: Description of the security update for SharePoint Enterprise Server 2013: January 11, 2022 (KB5002102)
- SharePoint Enterprise Server 2013: January 11, 2022, cumulative update for SharePoint Enterprise Server 2013 (KB5002126)
- SharePoint Foundation 2013: Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002127)
- SharePoint Foundation 2013: Description of the security update for SharePoint Foundation 2013: January 11, 2022 (KB5002129)
- SharePoint Foundation 2013: January 11, 2022, cumulative update for SharePoint Foundation 2013 (KB5002123)
Similar articles:
Microsoft Office Updates (January 4, 2022)
Microsoft Security Update Summary (January 11, 2022)
Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported
Patchday: Windows 10 Updates (January 11, 2022)
Patchday: Windows 11 Updates (January 11, 2022)
Patchday: Updates for Windows 7/Server 2008 R2 (January 11, 2022)
Patchday: Microsoft Office Updates (January 11, 2022)
Patchday: Microsoft Office December 2021 updates (14.12.2021) causes Access issues
Microsoft confirms issues in all Access versions after December 2021 Update
Status of the access bug after December 2021 update (2022/01/03)
Access Lock Bug: Where the December 2021 Fixes Fail
Windows Server: January 2022 security updates are causing DC boot loop
Windows VPN connections (L2TP over IPSEC) broken after January 2022 update
Windows Server 2012/R2: January 2022 Update KB5009586 bricks Hyper-V Host
Advertising