January Vulnerabilities from Microsoft

We look at the vulnerabilities reported by Microsoft in January 2022. Most of these security vulnerabilities in various Microsoft software products and operating system versions were published on 11th January, to coincide with Patch Tuesday; a few were published after that date. It is a good idea to audit your patching efforts against the major vulnerabilities that have a critical impact on your servers or workstations.

CVE-2022-21849 – Windows IKE Extension Remote Code Execution Vulnerability

This is a critical vulnerability with a CVSS score of 9.8. It can affect systems that are running the IPsec service. In an infrastructure environment where Internet Key Exchange (IKE) version 2 is enabled, a remote attacker could trigger multiple vulnerabilities without being authenticated. Since this is a remote code execution vulnerability of a critical nature, immediate patching is required.

This vulnerability affects the following operating systems:

  • Windows Server 2022
  • Windows Server 2022 (Server Core Installation)
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core Installation)
  • Windows 10 version 21H2, 21H1, 20H2, 1909, 1809, 1607
  • Windows 11

The January patches for Windows Server 2016, 2019 and 2022, Windows 10, and Windows 11 cover you against this vulnerability. If you have had issues with the January updates, please uninstall them and deploy the emergency updates that Microsoft released for the month of January. You can read more about the emergency updates for January on this page.
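As an added example (not code from the original post), the following PowerShell audit covers the two questions the IKE section raises for a given host: is the IKE keying service running, and are the required January updates installed? It assumes the Windows service name IKEEXT ("IKE and AuthIP IPsec Keying Modules"), and the KB identifier in $requiredKBs is a placeholder that you must replace with the January cumulative update for the host's build, since this post does not list the Windows KB numbers.

```powershell
# Added example, not from the original post: audit IKE exposure and patch state on the local host.
# Placeholder KB id - replace it with the January 2022 cumulative update for this OS build.
$requiredKBs = @('KB<JANUARY-CUMULATIVE-UPDATE-FOR-THIS-BUILD>')

function Get-IkeExposure {
    # IKEEXT is the service that implements IKE/IKEv2 keying for IPsec (assumed service name).
    $svc = Get-Service -Name IKEEXT -ErrorAction SilentlyContinue

    # Get-HotFix lists installed updates by their KB id in the HotFixID property.
    $installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
    $missing   = @($requiredKBs | Where-Object { $_ -notin $installed })

    # A host needs attention when IKE is actually running and a required update is absent.
    $running = ($null -ne $svc) -and ($svc.Status -eq 'Running')

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        IkeServiceState = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        IkeStartType    = if ($svc) { $svc.StartType.ToString() } else { 'n/a' }
        MissingUpdates  = $missing
        NeedsAttention  = ($running -and $missing.Count -gt 0)
    }
}

Get-IkeExposure | Format-List
```

Run it from an elevated prompt on each server; NeedsAttention is the field to collect across your estate, and a host where IKEEXT is stopped and disabled is lower priority than one where it is running and the update is missing.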

CVE-2022-21907 – HTTP Protocol Stack Remote Code Execution Vulnerability

CVE-2022-21907 is a critical vulnerability with a CVSS score of 9.8 and requires immediate remediation. A remote attacker could send maliciously crafted packets that the HTTP protocol stack (http.sys) processes on the vulnerable system.

Windows 10 version 1809 and Windows Server 2019 are not affected by default. Even so, check the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters on those systems: if the DWORD registry value “EnableTrailerSupport” is present, delete it from that key.
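The registry check described above, as an added PowerShell example that is not part of the original post. It uses the key and value name the post gives, reports whether the value is present, and performs the removal as a dry run first so you can confirm the change before applying it.

```powershell
# Added example, not from the original post: audit and remove the HTTP.sys trailer-support value.
$paramsKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$valueName = 'EnableTrailerSupport'

function Get-HttpTrailerSupportState {
    # Returns $null when the value is absent (the desired state), otherwise the DWORD value.
    $item = Get-ItemProperty -Path $paramsKey -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$valueName
}

function Remove-HttpTrailerSupportValue {
    param([switch]$Apply)   # without -Apply this is a dry run (-WhatIf)
    # Remove-ItemProperty deletes only the named value; the Parameters key itself stays.
    if ($Apply) {
        Remove-ItemProperty -Path $paramsKey -Name $valueName -ErrorAction Stop
    } else {
        Remove-ItemProperty -Path $paramsKey -Name $valueName -WhatIf
    }
}

$state = Get-HttpTrailerSupportState
if ($null -eq $state) {
    Write-Output "$valueName is not present under $paramsKey; nothing to do."
} else {
    Write-Warning "$valueName is present (value $state) under $paramsKey."
    Remove-HttpTrailerSupportValue          # dry run: shows what would be removed
    # Remove-HttpTrailerSupportValue -Apply # run this once the dry run looks right
}
```

Writing to HKLM needs an elevated prompt. After removing the value, a restart is the conservative way to be sure the running http.sys driver is no longer using the old setting.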

Windows 10 version 1909 is not affected by this vulnerability.

Aside from these, the impacted systems are:

  • Windows Server 2022
  • Windows Server 2022 (Server Core Installation)
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows 10 version 21H2, 21H1, 20H2, 1809
  • Windows 11

The monthly security updates for January cover this vulnerability, so you must deploy them to protect the infrastructure.

CVE-2022-21901 – Windows Hyper-V Elevation of Privilege Vulnerability

The Hyper-V vulnerability affects most Windows Server versions as well as Windows 10 and Windows 11 workstations. It is a critical vulnerability with a CVSS score of 9, so it requires immediate resolution. The vulnerability involves compromising a Hyper-V guest to run malicious code and gain elevated privileges on the server or workstation. An authenticated attacker could then gain access to another Hyper-V guest running on the same Hyper-V host. Because an attacker could adversely impact other Hyper-V guests this way, this ‘Elevation of Privilege’ vulnerability requires your attention and immediate patching.

The Hyper-V vulnerability affects a large number of Windows Server products. The following Windows operating systems are affected:

  • Windows Server 2022
  • Windows Server 2022 (Server Core Installation)
  • Windows Server, version 20H2 (Server Core Installation)
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server 2016
  • Windows Server 2016 (Server Core Installation)
  • Windows Server 2012 R2
  • Windows Server 2012 R2 (Server Core Installation)
  • Windows 10 version 21H2, 21H1, 20H2, 1909, 1809, 1607
  • Windows 11
  • Windows 8.1

The Hyper-V vulnerability is resolved for all affected Windows Server and client versions through the January security updates. If you ran into issues with the updates, please install the emergency updates that Microsoft released to address the problems that cropped up after installing the January security updates.

CVE-2021-43905 – Microsoft Office app Remote Code Execution Vulnerability

This is a critical remote code execution vulnerability with a CVSS score of 9.6. It affects the Microsoft Office app and is easy to resolve. If your system accepts automatic app updates from the Microsoft Store (automatic updates should be enabled on the system), the Store automatically downloads the updated and patched version of the Office app. Alternatively, you can manually download the app update from the Microsoft Store at the following page – https://www.microsoft.com/en-us/p/office/9wzdncrd29v9. Office app version 18.2110.13110.0 and higher contain the fix for CVE-2021-43905. Make sure that your workstations have Office app version 18.2110.13110.0 or higher.
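To audit the Office app version across workstations, here is an added PowerShell example that is not code from the original post. It assumes that the Store "Office" app linked above (product id 9wzdncrd29v9) is installed as the Appx package named Microsoft.MicrosoftOfficeHub; if Get-AppxPackage shows a different name in your environment, change $packageName. The minimum version comes from the post.

```powershell
# Added example, not from the original post: check the installed Store Office app against the fixed version.
$packageName    = 'Microsoft.MicrosoftOfficeHub'       # assumed Appx name of the Store "Office" app
$minimumVersion = [version]'18.2110.13110.0'           # first version carrying the fix, per the post

function Test-OfficeAppVersion {
    # -AllUsers needs an elevated prompt but also finds copies registered for users who are
    # not logged on; more than one version can coexist on a single machine.
    $packages = @(Get-AppxPackage -AllUsers -Name $packageName -ErrorAction SilentlyContinue)

    if ($packages.Count -eq 0) {
        # Not installed means nothing to patch on this host.
        return [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Installed = $false; LowestVersion = $null; Compliant = $true
        }
    }

    # Judge the host by its oldest installed copy, which is the one still exposed.
    $lowest = @($packages | ForEach-Object { [version]$_.Version } | Sort-Object)[0]

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Installed     = $true
        LowestVersion = $lowest
        Compliant     = ($lowest -ge $minimumVersion)
    }
}

$result = Test-OfficeAppVersion
$result | Format-List
if (-not $result.Compliant) {
    Write-Warning "Office app $($result.LowestVersion) is below $minimumVersion; trigger a Store update on this host."
}
```

Comparing [version] objects rather than strings matters here: a plain string comparison would rank "18.2110.9..." above "18.2110.13110.0".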

Other critical vulnerabilities affect Microsoft Exchange Server. We list the three critical Exchange vulnerabilities that were disclosed in January 2022.

CVE-2022-21846 – Microsoft Exchange Server Remote Code Execution Vulnerability

This is a critical vulnerability with a CVSS score of 9 that can enable man-in-the-middle attacks through a compromised intermediary system. Its attack vector is adjacent, which means the attack must come from a system proximal to the target: one on the same physical network, an extended VPN endpoint, or a system on the same logical network segment. A remote attacker could use that intermediary system to deploy malicious code on the target.

The resolution for this vulnerability on Exchange servers has been provided in the security update KB5008631. This vulnerability impacts the following Exchange Servers:

  • Exchange Server 2019, Cumulative Updates 10 and 11.
  • Exchange Server 2016, Cumulative Updates 21 and 22.
  • Exchange Server 2013, Cumulative Update 23.

CVE-2022-21855 – Microsoft Exchange Server Remote Code Execution Vulnerability

This is a critical vulnerability with a CVSS score of 9. It involves a potential man-in-the-middle attack through an intermediary system that may reside on the same physical network, on a distant or proximal VPN endpoint, or within the same logical network segment. The resolution for this vulnerability has been provided as part of the Exchange Server security update KB5008631.

This vulnerability affects the following Exchange Server versions:

  • Exchange Server 2019, Cumulative Updates 10 and 11.
  • Exchange Server 2016, Cumulative Updates 21 and 22.
  • Exchange Server 2013, Cumulative Update 23.

CVE-2022-21969 – Microsoft Exchange Server Remote Code Execution Vulnerability

This is another critical vulnerability with a CVSS score of 9. It allows an attacker to use an intermediary system to launch a man-in-the-middle attack on the vulnerable target. The attacker could use a system on the same physical network, a VPN endpoint system, or a system on the same logical network segment. Eventually, a remote attacker could deploy malicious code on the target and execute it on the target server.

A fix for this vulnerability has been shared as part of the Exchange Server security update KB5008631. You can download the security update for Exchange Server from the corresponding page on the Microsoft Update Catalog.

The vulnerability affects the following Microsoft Exchange server versions:

  • Exchange Server 2019, Cumulative Updates 10 and 11.
  • Exchange Server 2016, Cumulative Updates 21 and 22.
  • Exchange Server 2013, Cumulative Update 23.

Summary

For the month of January, there are 6 published critical vulnerabilities that affect Windows Server, the Office app, and Microsoft Exchange Server. All of these vulnerabilities have been patched in the security updates released by Microsoft on January 11, 2022. Subsequent emergency updates have also been released for Windows Server. Please make sure that your Windows Servers are patched against the two critical vulnerabilities shared by Microsoft.

Likewise, the three critical vulnerabilities in Exchange Server need to be patched through KB5008631.
