www.bleepingcomputer.com
Open in
urlscan Pro
104.20.59.209
Public Scan
URL:
https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/
Submission: On January 12 via api from US — Scanned from DE
Submission: On January 12 via api from US — Scanned from DE
Form analysis
6 forms found in the DOMhttps://www.bleepingcomputer.com/search/
<form title="Search site" action="https://www.bleepingcomputer.com/search/">
<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
<input type="hidden" name="cof" value="FORID:10">
<input type="hidden" name="ie" value="UTF-8">
<input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>
https://www.bleepingcomputer.com/search/
<form action="https://www.bleepingcomputer.com/search/">
<input type="hidden" name="cx" value="partner-pub-0920899300397823:3529943228">
<input type="hidden" name="cof" value="FORID:10">
<input type="hidden" name="ie" value="UTF-8">
<input type="search" name="q" aria-label="Search Site" placeholder="Search Site">
</form>
POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e
<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e" method="post" target="_blank" novalidate="">
<input type="email" name="EMAIL" aria-label="Enter email address" placeholder="Email Address...">
<div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
<input type="submit" value="Submit" class="bc_sub_btn">
</form>
POST //bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e
<form action="//bleepingcomputer.us10.list-manage.com/subscribe/post?u=3e2b3b692f780cdff40d45346&id=30c98e654e" method="post" target="_blank" novalidate="">
<input type="email" aria-label="Enter email address" name="EMAIL" placeholder="Email Address...">
<div style="position: absolute; left: -5000px;"><input type="hidden" aria-hidden="true" name="b_3e2b3b692f780cdff40d45346_30c98e654e" tabindex="-1" value=""></div>
<input type="submit" value="Submit" class="bc_sub_btn">
</form>
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process&return=https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process&return=https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/"
method="post">
<div class="bc_form_feild">
<label for="ips_username">Username</label>
<input aria-label="Enter login name" title="Enter login name" type="text" id="ips_username" name="ips_username" autocomplete="username">
</div>
<div class="bc_form_feild">
<label for="ips_password">Password</label>
<input aria-label="Enter login password" title="Enter login passwod" type="password" id="ips_password" name="ips_password" autocomplete="current-password">
</div>
<div class="bc_form_feild">
<div class="bc_remember">
<input id="remember" type="checkbox" name="rememberMe" value="1" checked="checked">
<label for="remember">Remember Me</label>
</div>
<div class="bc_anon">
<input id="anonymous" type="checkbox" name="anonymous" value="1">
<label for="anonymous">Sign in anonymously</label>
</div>
</div>
<div class="bc_btn_wrap">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="submit" aria-label="Login to site" title="Login" value="Login" class="bc_sub_btn">
<a aria-label="Sign in with Twitter" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter&return=https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2022-patch-tuesday-fixes-6-zero-days-97-flaws/" class="bc_twitter_btn"><img src="https://www.bleepstatic.com/images/site/login/twitter.png" width="28" height="24" alt="Sign in with Twitter button"> Sign in with Twitter</a>
<hr>
<p>Not a member yet? <a aria-label="Register account" title="Register account" href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register">Register Now</a></p>
</div>
</form>
<form>
<input type="hidden" id="comment-id-report" value="0">
<ul>
<li>
<label><input type="radio" name="comment-report-reason" value="Spam">Spam</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Abusive or Harmful">Abusive or Harmful</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Inappropriate content">Inappropriate content</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Strong language">Strong language</label>
</li>
<li>
<label><input type="radio" name="comment-report-reason" value="Other">Other</label>
</li>
<li id="comment-report-other-reason-wrap" style="display:none;">
<textarea aria-label="Enter other reason for reporting the comment" rows="2" cols="2" id="comment-report-other-reason"></textarea>
</li>
</ul>
<p>Read our <a href="https://www.bleepingcomputer.com/posting-guidelines/">posting guidelinese</a> to learn what content is prohibited.</p>
</form>
Text Content
WE VALUE YOUR PRIVACY We and our partners store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning. You may click to consent to our and our partners’ processing as described above. Alternatively you may access more detailed information and change your preferences before consenting or to refuse consenting. Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing. Your preferences will apply to this website only. You can change your preferences at any time by returning to this site or visit our privacy policy. MORE OPTIONSAGREE * * * * * * * News * Featured * Latest * Microsoft: powerdir bug gives access to protected macOS user data * Europol ordered to erase data on those not linked to crime * WordPress 5.8.3 security update fixes SQL injection, XSS flaws * Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps * State hackers use new PowerShell backdoor in Log4j attacks * Microsoft: New critical Windows HTTP vulnerability is wormable * This $39 course bundle is get you on the road to mastering Python * Firefox Focus now blocks cross-site tracking on Android devices * Downloads * Latest * Most Downloaded * Qualys BrowserCheck * STOPDecrypter * AuroraDecrypter * FilesLockerDecrypter * AdwCleaner * ComboFix * RKill * Junkware Removal Tool * Virus Removal Guides * Latest * Most Viewed * Ransomware * How to remove the PBlock+ adware browser extension * Remove the Toksearches.xyz Search Redirect * Remove the Smashapps.net Search Redirect * Remove the Smashappsearch.com Search Redirect * Remove Security Tool and SecurityTool (Uninstall Guide) * How to remove Antivirus 2009 (Uninstall Instructions) * How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo * How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller * Locky Ransomware Information, Help Guide, and FAQ * CryptoLocker Ransomware Information Guide and FAQ * CryptorBit and HowDecrypt Information Guide and FAQ * CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ * Tutorials * Latest * Popular * How to make the Start menu full screen in Windows 10 * How to install the Microsoft Visual C++ 2015 Runtime * How to open an elevated PowerShell Admin prompt in Windows 10 * How to Translate a Web Page in Google Chrome * How to start Windows in Safe Mode * How to remove a Trojan, Virus, Worm, or other Malware * How to show hidden files in Windows 7 * How to see hidden files in Windows * Deals * Categories * eLearning * IT Certification Courses * Gear + Gadgets * Security * Forums * More * Startup Database * Uninstall Database * File Database * Glossary * Chat on Discord * Send us a Tip! * Welcome Guide * Home * News * Microsoft * Microsoft January 2022 Patch Tuesday fixes 6 zero-days, 97 flaws * AddThis Sharing Buttons Share to FacebookFacebookShare to TwitterTwitterShare to LinkedInLinkedInShare to RedditRedditShare to Hacker NewsHacker NewsShare to EmailEmail * MICROSOFT JANUARY 2022 PATCH TUESDAY FIXES 6 ZERO-DAYS, 97 FLAWS By LAWRENCE ABRAMS * January 11, 2022 * 01:31 PM * 0 Today is Microsoft's January 2022 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 97 flaws. Microsoft has fixed 97 vulnerabilities (not including 29 Microsoft Edge vulnerabilities ) with today's update, with nine classified as Critical and 88 as Important. The number of each type of vulnerability is listed below: PLAY Top Articles Video Settings Full Screen About Connatix V144775 Read More Read More Read More Read More Read More Windows 10 KB5009543 & KB5009545updates released 1/1 Skip Ad Continue watching after the ad Visit Advertiser website GO TO PAGE * 41 Elevation of Privilege Vulnerabilities * 9 Security Feature Bypass Vulnerabilities * 29 Remote Code Execution Vulnerabilities * 6 Information Disclosure Vulnerabilities * 9 Denial of Service Vulnerabilities * 3 Spoofing Vulnerabilities SIX ZERO-DAYS FIXED, NONE ACTIVELY EXPLOITED This month's Patch Tuesday includes fixes for six publicly disclosed zero-day vulnerabilities. The good news is that none of them have been actively exploited in attacks. Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available. The publicly disclosed vulnerabilities fixes as part of the December 2021 Patch Tuesday are: * CVE-2021-22947 - Open Source Curl Remote Code Execution Vulnerability * CVE-2021-36976 - Libarchive Remote Code Execution Vulnerability * CVE-2022-21919 - Windows User Profile Service Elevation of Privilege Vulnerability * CVE-2022-21836 - Windows Certificate Spoofing Vulnerability * CVE-2022-21839 - Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability * CVE-2022-21874 - Windows Security Center API Remote Code Execution Vulnerability Both the Curl and Libarchive vulnerabilities had already been fixed by their maintainers but the fixes were not added to Windows until today. However, as many of these have public proof-of-concept exploits available, they will likely be exploited by threat actors soon. RECENT UPDATES FROM OTHER COMPANIES Other vendors who released updates in January 2022 include: * Adobe's January updates are released today. * Android's December security updates were released last week. * Cisco released security updates for numerous products this month, including Cisco Prime Infrastructure and Cisco Common Services Platform Collector. * SAP released its January 2022 security updates. * VMWare released fixes for a code execution vulnerability in VMWare Workstation, Fusion, and ESXi. THE JANUARY 2022 PATCH TUESDAY SECURITY UPDATES Below is the complete list of resolved vulnerabilities and released advisories in the January 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here. Tag CVE ID CVE Title Severity .NET Framework CVE-2022-21911 .NET Framework Denial of Service Vulnerability Important Microsoft Dynamics CVE-2022-21932 Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability Important Microsoft Dynamics CVE-2022-21891 Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability Important Microsoft Edge (Chromium-based) CVE-2022-0105 Chromium: CVE-2022-0105 Use after free in PDF Unknown Microsoft Edge (Chromium-based) CVE-2022-0102 Chromium: CVE-2022-0102 Type Confusion in V8 Unknown Microsoft Edge (Chromium-based) CVE-2022-0104 Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE Unknown Microsoft Edge (Chromium-based) CVE-2022-0101 Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks Unknown Microsoft Edge (Chromium-based) CVE-2022-0103 Chromium: CVE-2022-0103 Use after free in SwiftShader Unknown Microsoft Edge (Chromium-based) CVE-2022-0109 Chromium: CVE-2022-0109 Inappropriate implementation in Autofill Unknown Microsoft Edge (Chromium-based) CVE-2022-0110 Chromium: CVE-2022-0110 Incorrect security UI in Autofill Unknown Microsoft Edge (Chromium-based) CVE-2022-0108 Chromium: CVE-2022-0108 Inappropriate implementation in Navigation Unknown Microsoft Edge (Chromium-based) CVE-2022-0106 Chromium: CVE-2022-0106 Use after free in Autofill Unknown Microsoft Edge (Chromium-based) CVE-2022-0107 Chromium: CVE-2022-0107 Use after free in File Manager API Unknown Microsoft Edge (Chromium-based) CVE-2022-21954 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important Microsoft Edge (Chromium-based) CVE-2022-21970 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability Important Microsoft Edge (Chromium-based) CVE-2022-21931 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important Microsoft Edge (Chromium-based) CVE-2022-21929 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Moderate Microsoft Edge (Chromium-based) CVE-2022-21930 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Important Microsoft Edge (Chromium-based) CVE-2022-0099 Chromium: CVE-2022-0099 Use after free in Sign-in Unknown Microsoft Edge (Chromium-based) CVE-2022-0100 Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API Unknown Microsoft Edge (Chromium-based) CVE-2022-0098 Chromium: CVE-2022-0098 Use after free in Screen Capture Unknown Microsoft Edge (Chromium-based) CVE-2022-0096 Chromium: CVE-2022-0096 Use after free in Storage Unknown Microsoft Edge (Chromium-based) CVE-2022-0097 Chromium: CVE-2022-0097 Inappropriate implementation in DevTools Unknown Microsoft Edge (Chromium-based) CVE-2022-0116 Chromium: CVE-2022-0116 Inappropriate implementation in Compositing Unknown Microsoft Edge (Chromium-based) CVE-2022-0117 Chromium: CVE-2022-0117 Policy bypass in Service Workers Unknown Microsoft Edge (Chromium-based) CVE-2022-0115 Chromium: CVE-2022-0115 Uninitialized Use in File API Unknown Microsoft Edge (Chromium-based) CVE-2022-0113 Chromium: CVE-2022-0113 Inappropriate implementation in Blink Unknown Microsoft Edge (Chromium-based) CVE-2022-0114 Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial Unknown Microsoft Edge (Chromium-based) CVE-2022-0118 Chromium: CVE-2022-0118 Inappropriate implementation in WebShare Unknown Microsoft Edge (Chromium-based) CVE-2022-0111 Chromium: CVE-2022-0111 Inappropriate implementation in Navigation Unknown Microsoft Edge (Chromium-based) CVE-2022-0112 Chromium: CVE-2022-0112 Incorrect security UI in Browser UI Unknown Microsoft Edge (Chromium-based) CVE-2022-0120 Chromium: CVE-2022-0120 Inappropriate implementation in Passwords Unknown Microsoft Exchange Server CVE-2022-21969 Microsoft Exchange Server Remote Code Execution Vulnerability Important Microsoft Exchange Server CVE-2022-21846 Microsoft Exchange Server Remote Code Execution Vulnerability Critical Microsoft Exchange Server CVE-2022-21855 Microsoft Exchange Server Remote Code Execution Vulnerability Important Microsoft Graphics Component CVE-2022-21904 Windows GDI Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2022-21903 Windows GDI Elevation of Privilege Vulnerability Important Microsoft Graphics Component CVE-2022-21915 Windows GDI+ Information Disclosure Vulnerability Important Microsoft Graphics Component CVE-2022-21880 Windows GDI+ Information Disclosure Vulnerability Important Microsoft Office CVE-2022-21840 Microsoft Office Remote Code Execution Vulnerability Critical Microsoft Office Excel CVE-2022-21841 Microsoft Excel Remote Code Execution Vulnerability Important Microsoft Office SharePoint CVE-2022-21837 Microsoft SharePoint Server Remote Code Execution Vulnerability Important Microsoft Office Word CVE-2022-21842 Microsoft Word Remote Code Execution Vulnerability Important Microsoft Windows Codecs Library CVE-2022-21917 HEVC Video Extensions Remote Code Execution Vulnerability Critical Open Source Software CVE-2021-22947 Open Source Curl Remote Code Execution Vulnerability Critical Role: Windows Hyper-V CVE-2022-21901 Windows Hyper-V Elevation of Privilege Vulnerability Important Role: Windows Hyper-V CVE-2022-21900 Windows Hyper-V Security Feature Bypass Vulnerability Important Role: Windows Hyper-V CVE-2022-21905 Windows Hyper-V Security Feature Bypass Vulnerability Important Role: Windows Hyper-V CVE-2022-21847 Windows Hyper-V Denial of Service Vulnerability Important Tablet Windows User Interface CVE-2022-21870 Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability Important Windows Account Control CVE-2022-21859 Windows Accounts Control Elevation of Privilege Vulnerability Important Windows Active Directory CVE-2022-21857 Active Directory Domain Services Elevation of Privilege Vulnerability Critical Windows AppContracts API Server CVE-2022-21860 Windows AppContracts API Server Elevation of Privilege Vulnerability Important Windows Application Model CVE-2022-21862 Windows Application Model Core API Elevation of Privilege Vulnerability Important Windows BackupKey Remote Protocol CVE-2022-21925 Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability Important Windows Bind Filter Driver CVE-2022-21858 Windows Bind Filter Driver Elevation of Privilege Vulnerability Important Windows Certificates CVE-2022-21836 Windows Certificate Spoofing Vulnerability Important Windows Cleanup Manager CVE-2022-21838 Windows Cleanup Manager Elevation of Privilege Vulnerability Important Windows Clipboard User Service CVE-2022-21869 Clipboard User Service Elevation of Privilege Vulnerability Important Windows Cluster Port Driver CVE-2022-21910 Microsoft Cluster Port Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2022-21897 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Common Log File System Driver CVE-2022-21916 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important Windows Connected Devices Platform Service CVE-2022-21865 Connected Devices Platform Service Elevation of Privilege Vulnerability Important Windows Cryptographic Services CVE-2022-21835 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important Windows Defender CVE-2022-21921 Windows Defender Credential Guard Security Feature Bypass Vulnerability Important Windows Defender CVE-2022-21906 Windows Defender Application Control Security Feature Bypass Vulnerability Important Windows Devices Human Interface CVE-2022-21868 Windows Devices Human Interface Elevation of Privilege Vulnerability Important Windows Diagnostic Hub CVE-2022-21871 Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability Important Windows DirectX CVE-2022-21898 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical Windows DirectX CVE-2022-21918 DirectX Graphics Kernel File Denial of Service Vulnerability Important Windows DirectX CVE-2022-21912 DirectX Graphics Kernel Remote Code Execution Vulnerability Critical Windows DWM Core Library CVE-2022-21852 Windows DWM Core Library Elevation of Privilege Vulnerability Important Windows DWM Core Library CVE-2022-21902 Windows DWM Core Library Elevation of Privilege Vulnerability Important Windows DWM Core Library CVE-2022-21896 Windows DWM Core Library Elevation of Privilege Vulnerability Important Windows Event Tracing CVE-2022-21872 Windows Event Tracing Elevation of Privilege Vulnerability Important Windows Event Tracing CVE-2022-21839 Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability Important Windows Geolocation Service CVE-2022-21878 Windows Geolocation Service Remote Code Execution Vulnerability Important Windows HTTP Protocol Stack CVE-2022-21907 HTTP Protocol Stack Remote Code Execution Vulnerability Critical Windows IKE Extension CVE-2022-21843 Windows IKE Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-21890 Windows IKE Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-21883 Windows IKE Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-21889 Windows IKE Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-21848 Windows IKE Extension Denial of Service Vulnerability Important Windows IKE Extension CVE-2022-21849 Windows IKE Extension Remote Code Execution Vulnerability Important Windows Installer CVE-2022-21908 Windows Installer Elevation of Privilege Vulnerability Important Windows Kerberos CVE-2022-21920 Windows Kerberos Elevation of Privilege Vulnerability Important Windows Kernel CVE-2022-21881 Windows Kernel Elevation of Privilege Vulnerability Important Windows Kernel CVE-2022-21879 Windows Kernel Elevation of Privilege Vulnerability Important Windows Libarchive CVE-2021-36976 Libarchive Remote Code Execution Vulnerability Important Windows Local Security Authority CVE-2022-21913 Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass Important Windows Local Security Authority Subsystem Service CVE-2022-21884 Local Security Authority Subsystem Service Elevation of Privilege Vulnerability Important Windows Modern Execution Server CVE-2022-21888 Windows Modern Execution Server Remote Code Execution Vulnerability Important Windows Push Notifications CVE-2022-21867 Windows Push Notifications Apps Elevation Of Privilege Vulnerability Important Windows RDP CVE-2022-21851 Remote Desktop Client Remote Code Execution Vulnerability Important Windows RDP CVE-2022-21850 Remote Desktop Client Remote Code Execution Vulnerability Important Windows RDP CVE-2022-21893 Remote Desktop Protocol Remote Code Execution Vulnerability Important Windows Remote Access Connection Manager CVE-2022-21914 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important Windows Remote Access Connection Manager CVE-2022-21885 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability Important Windows Remote Desktop CVE-2022-21964 Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability Important Windows Remote Procedure Call Runtime CVE-2022-21922 Remote Procedure Call Runtime Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21961 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21959 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21958 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21960 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21963 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21892 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21962 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Resilient File System (ReFS) CVE-2022-21928 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability Important Windows Secure Boot CVE-2022-21894 Secure Boot Security Feature Bypass Vulnerability Important Windows Security Center CVE-2022-21874 Windows Security Center API Remote Code Execution Vulnerability Important Windows StateRepository API CVE-2022-21863 Windows StateRepository API Server file Elevation of Privilege Vulnerability Important Windows Storage CVE-2022-21875 Windows Storage Elevation of Privilege Vulnerability Important Windows Storage Spaces Controller CVE-2022-21877 Storage Spaces Controller Information Disclosure Vulnerability Important Windows System Launcher CVE-2022-21866 Windows System Launcher Elevation of Privilege Vulnerability Important Windows Task Flow Data Engine CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability Important Windows Tile Data Repository CVE-2022-21873 Tile Data Repository Elevation of Privilege Vulnerability Important Windows UEFI CVE-2022-21899 Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Important Windows UI Immersive Server CVE-2022-21864 Windows UI Immersive Server API Elevation of Privilege Vulnerability Important Windows User Profile Service CVE-2022-21895 Windows User Profile Service Elevation of Privilege Vulnerability Important Windows User Profile Service CVE-2022-21919 Windows User Profile Service Elevation of Privilege Vulnerability Important Windows User-mode Driver Framework CVE-2022-21834 Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability Important Windows Virtual Machine IDE Drive CVE-2022-21833 Virtual Machine IDE Drive Elevation of Privilege Vulnerability Critical Windows Win32K CVE-2022-21882 Win32k Elevation of Privilege Vulnerability Important Windows Win32K CVE-2022-21876 Win32k Information Disclosure Vulnerability Important Windows Win32K CVE-2022-21887 Win32k Elevation of Privilege Vulnerability Important Windows Workstation Service Remote Protocol CVE-2022-21924 Workstation Service Remote Protocol Security Feature Bypass Vulnerability Important RELATED ARTICLES: Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws Microsoft: New security updates trigger Windows Server auth issues Windows 11 KB5009566 update released with security fixes Microsoft: powerdir bug gives access to protected macOS user data Rapid window title changes cause ‘white screen of death’ * Microsoft * Patch Tuesday * Security Update * Vulnerability * Windows * Facebook * Twitter * LinkedIn * Email * LAWRENCE ABRAMS Lawrence Abrams is the owner and Editor in Chief of BleepingComputer.com. Lawrence's area of expertise includes Windows, malware removal, and computer forensics. Lawrence Abrams is a co-author of the Winternals Defragmentation, Recovery, and Administration Field Guide and the technical editor for Rootkits for Dummies. * Previous Article * Next Article POST A COMMENT COMMUNITY RULES YOU NEED TO LOGIN IN ORDER TO POST A COMMENT Not a member yet? Register Now YOU MAY ALSO LIKE: Popular Stories * Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps * Linux version of AvosLocker ransomware targets VMware ESXi servers NEWSLETTER SIGN UP To receive periodic updates and news from BleepingComputer, please use the form below. NEWSLETTER SIGN UP * Follow us: * * * * MAIN SECTIONS * News * Downloads * Virus Removal Guides * Tutorials * Startup Database * Uninstall Database * File Database * Glossary COMMUNITY * Forums * Forum Rules * Chat USEFUL RESOURCES * Welcome Guide * Sitemap COMPANY * About BleepingComputer * Contact Us * Send us a Tip! * Advertising * Write for BleepingComputer * Social & Feeds * Changelog Terms of Use - Privacy Policy - Ethics Statement Copyright @ 2003 - 2022 Bleeping Computer® LLC - All Rights Reserved LOGIN Username Password Remember Me Sign in anonymously Sign in with Twitter -------------------------------------------------------------------------------- Not a member yet? Register Now REPORTER HELP US UNDERSTAND THE PROBLEM. WHAT IS GOING ON WITH THIS COMMENT? * Spam * Abusive or Harmful * Inappropriate content * Strong language * Other * Read our posting guidelinese to learn what content is prohibited. Submitting... SUBMIT