{"id":22996,"date":"2022-01-17T10:00:03","date_gmt":"2022-01-17T09:00:03","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22996"},"modified":"2022-11-04T11:41:30","modified_gmt":"2022-11-04T10:41:30","slug":"microsoft-januar-2022-patchday-revisionen-14-1-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/01\/17\/microsoft-januar-2022-patchday-revisionen-14-1-2022\/","title":{"rendered":"Microsoft January 2022 Patchday Revisions (2022\/01\/14)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline; border-width: 0px;\" title=\"Update\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/06\/Update-01.jpg\" alt=\"Update\" align=\"left\" border=\"0\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/01\/17\/microsoft-januar-2022-patchday-revisionen-14-1-2022\/\" target=\"_blank\" rel=\"noopener\">German<\/a>] On January 11, 2022, Microsoft released a number of security updates for Windows and Office that are supposed to eliminate vulnerabilities. However, some of these updates caused problems, disrupting functions in Windows. On January 14, 2022, Microsoft released a list of update revisions that I would like to briefly review in the wake of the January 2022 Patchday.<\/p>\n<p>I have extracted the information from Microsoft about the CVEs listed below, whose descriptions have been seriously changed again.<\/p>\n<ul>\n<li>CVE-2022-21840<\/li>\n<li>CVE-2022-21841<\/li>\n<li>CVE-2022-21880<\/li>\n<li>CVE-2022-21882<\/li>\n<li>CVE-2022-21893<\/li>\n<li>CVE-2022-21907<\/li>\n<li>CVE-2022-21913<\/li>\n<\/ul>\n<p>Below are details on the vulnerabilities in question. 
These provide a good overview of which serious vulnerabilities are relevant to the January 2022 patchday and of the consequences of not installing the January 2022 security updates.<\/p>\n<h2>Office vulnerabilities (Mac)<\/h2>\n<p>For supported Office installations (Mac only), the following vulnerabilities were closed in January 2022.<\/p>\n<h3>CVE-2022-21840: Microsoft Office RCE<\/h3>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21840\" target=\"_blank\" rel=\"noopener\">CVE-2022-21840<\/a> is a remote code execution (RCE) vulnerability in Microsoft Office for Mac that is rated critical. Microsoft has provided an update and recommends installing it promptly. Office users on Windows can ignore this vulnerability, as it is not present there.<\/p>\n<h3>CVE-2022-21841: Microsoft Excel RCE<\/h3>\n<p>The vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21841\" target=\"_blank\" rel=\"noopener\">CVE-2022-21841<\/a> is also present in Microsoft Excel for Mac and allows remote code execution. Microsoft rates the vulnerability as important and provides security updates, which Mac users should install promptly.<\/p>\n<h2>Windows vulnerabilities<\/h2>\n<p>More important to the blog's readership are the vulnerabilities in the still-supported versions of Windows that are closed by the January 2022 updates. Users who run into problems with the update installation and need to uninstall these patches will find an overview of the details below.<\/p>\n<h3>CVE-2022-21880: Windows GDI+ Information disclosure<\/h3>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21880\" target=\"_blank\" rel=\"noopener\">CVE-2022-21880<\/a> is a vulnerability in Windows GDI+, classified as important, that allows information disclosure. 
Microsoft rates the probability of exploitation as low.<\/p>\n<h3>CVE-2022-21882: Win32k Privilege Escalation<\/h3>\n<p>The Win32k vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21882\" target=\"_blank\" rel=\"noopener\">CVE-2022-21882<\/a> allows elevation of privilege. A local, authenticated attacker can gain elevated local system or administrator privileges through the vulnerability in the Win32k.sys driver. Because of these limitations, this vulnerability is rated only as important. Microsoft is aware of a limited number of attacks that attempt to exploit this vulnerability.<\/p>\n<h3>CVE-2022-21893: Remote Desktop Protocol RCE<\/h3>\n<p>The Win32k vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21893\" target=\"_blank\" rel=\"noopener\">CVE-2022-21893<\/a> allows elevation of privilege. A local, authenticated attacker can gain elevated local system or administrator privileges through the vulnerability in the Win32k.sys driver. Because of these limitations, this vulnerability is rated only as important. Microsoft is aware of a limited number of attacks that attempt to exploit this vulnerability.<\/p>\n<h3>CVE-2022-21907: HTTP Protocol Stack RCE<\/h3>\n<p>Vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21907\" target=\"_blank\" rel=\"noopener\">CVE-2022-21907<\/a> is located in the Windows HTTP protocol stack and is rated critical. The remote code execution vulnerability has already made waves because it is considered wormable, meaning it allows an attack to spread across a network. 
In most scenarios, an unauthenticated attacker could send a specially crafted packet to a target server that uses the HTTP protocol stack (<em>http.sys<\/em>) to process packets.<\/p>\n<p>The vulnerability was closed by the Windows 10\/Windows Server updates (<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/patchday-windows-10-updates-11-januar-2022\/\">Patchday: Windows 10 updates (January 11, 2022)<\/a>) as of January 11, 2022. The problem is that these updates cannot be installed in certain scenarios because of the collateral damage described in the article <a href=\"https:\/\/borncity.com\/win\/2022\/01\/14\/microsoft-patch-day-issues-jan-2022-bugs-confirmed-but-updates-not-pulled\/\">Microsoft patch day issues Jan. 2022: bugs confirmed, but updates not pulled<\/a>.<\/p>\n<p>The only option then is to wait for revision updates from Microsoft. There is one piece of good news, however: Windows Server 2019 and Windows 10 version 1809 are not vulnerable by default. Unless you have enabled HTTP trailer support via the \"EnableTrailerSupport\" registry value, the systems are not vulnerable. Microsoft recommends deleting the <em>EnableTrailerSupport<\/em> DWORD registry value, if present, at:<\/p>\n<p>HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\HTTP\\Parameters<\/p>\n<p>This mitigation applies only to Windows Server 2019 and Windows 10, version 1809 and does not apply to Windows 20H2 and later.<\/p>\n<h3>CVE-2022-21913: Local Security Authority (Domain Policy) Remote Protocol<\/h3>\n<p>Vulnerability <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-21913\" target=\"_blank\" rel=\"noopener\">CVE-2022-21913<\/a> allows a security feature bypass, i.e. a security policy bypass. However, Microsoft only classifies it as important and considers exploitation unlikely. 
Microsoft has published the support article <a href=\"https:\/\/support.microsoft.com\/help\/5010265\" target=\"_blank\" rel=\"noopener\">KB5010265<\/a> with more information about this.<\/p>\n<p>Going through the list above, the HTTP Protocol Stack vulnerability CVE-2022-21907 seems to me to be the most critical. Here, administrators should check if the described measure to disable <em>EnableTrailerSupport<\/em> can be used. For the Exchange vulnerability CVE-2022-21846 an update is available (<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/sicherheitsupdates-fr-exchange-server-januar-2022\/\">Security Updates for Exchange Server (January 2022)<\/a>). I am not aware of any collateral damage here so far.<\/p>\n<h2>The Defender Information disclosure bug<\/h2>\n<p>For at least eight years, there has been a bug in Microsoft Defender that allows malware to query locations excluded from scanning and store malware there. The problem also affects Windows 10 21H1 and Windows 10 21H2, as Bleeping Computer colleagues describe in <a href=\"https:\/\/web.archive.org\/web\/20221026105236\/https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-defender-weakness-lets-hackers-bypass-malware-detection\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>.<\/p>\n<p><strong>Similar articles:<br \/>\n<\/strong><a href=\"https:\/\/borncity.com\/win\/2022\/01\/05\/windows-server-notfall-update-fixt-remote-desktop-probleme-4-1-2022\/\">Windows Server: Out-of-Band Update fixes Remote Desktop issues (2022\/01\/04)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/05\/microsoft-office-updates-4-januar-2022\/\">Microsoft Office Updates (January 4, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/11\/microsoft-security-update-summary-11-januar-2022\/\">Microsoft Security Update Summary (January 11, 2022)<\/a><br \/>\n<a 
href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme\/\">Patchday: Windows 8.1\/Server 2012 R2 Updates (January 11, 2022), boot loop reported<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/patchday-windows-10-updates-11-januar-2022\/\">Patchday: Windows 10 Updates (January 11, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/patchday-windows-11-updates-11-januar-2022\/\">Patchday: Windows 11 Updates (January 11, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/patchday-updates-fr-windows-7-server-2008-r2-11-januar-2022\/\">Patchday: Updates for Windows 7\/Server 2008 R2 (January 11, 2022)<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/windows-server-januar-2022-sicherheitsupdates-verursachen-boot-schleife\/\">Windows Server: January 2022 security updates are causing DC boot loop<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/windows-vpn-verbindungen-l2tp-over-ipsec-nach-januar-2022-update-kaputt\/\">Windows VPN connections (L2TP over IPSEC) broken after January 2022 update<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/12\/windows-server-2012-r2-januar-2022-update-kb5009586-brickt-hyper-v-host\/\">Windows Server 2012\/R2: January 2022 Update KB5009586 bricks Hyper-V Host<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/14\/microsoft-patch-day-issues-jan-2022-bugs-confirmed-but-updates-not-pulled\/\">Microsoft patch day issues Jan. 2022: bugs confirmed, but updates not pulled<\/a><\/p>\n<p><a href=\"https:\/\/borncity.com\/win\/2022\/01\/17\/microsoft-januar-2022-patchday-revisionen-14-1-2022\/\">Microsoft January 2022 Patchday Revisions (2022\/01\/14)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/18\/windows-out-of-band-updates-fixes-jan-2020-patch-day-issues-jan-17-2022\/\">Windows Out-of-band Updates fixes Jan. 
2022 patch day issues (Jan. 17, 2022)<\/a><br \/>\n<a href=\"https:\/\/borncity.com\/win\/2022\/01\/18\/windows-10-server-out-of-band-updates-fixes-jan-2022-patch-day-issues-jan-17-2022\/\" target=\"_blank\" rel=\"noopener\">Windows 10\/Server: Out-of-band Updates fixes Jan. 2022 patch day issues (Jan. 17, 2022)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]As of January 11, 2022, Microsoft has released a number of security updates for Windows and Office that are supposed to eliminate vulnerabilities. However, some of these updates caused problems, disrupting functions in Windows. On January 14, 2022, Microsoft released &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/01\/17\/microsoft-januar-2022-patchday-revisionen-14-1-2022\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,580,22,2],"tags":[125,2700,69,195,194],"class_list":["post-22996","post","type-post","status-publish","format-standard","hentry","category-office","category-security","category-update","category-windows","tag-office","tag-patchday-1-2022","tag-security","tag-update","tag-windows"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22996","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22996"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22996\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22996"}],"wp:term":[
{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22996"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22996"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}