Service Notices

All Notices > Security Notices > Microsoft Releases January 2022 Security Updates

Microsoft Releases January 2022 Security Updates

Jan 14, 2022 GMT+08:00

I. Overview

Microsoft has released its January 2022 Security Updates. A total of 97 security vulnerabilities have been disclosed, among which 9 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include Microsoft Windows, Microsoft Office, Microsoft Exchange Server, and Microsoft Visual Studio Code.

For details, visit Microsoft official website:

https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan

Among the vulnerabilities, the HTTP Protocol Stack remote code execution vulnerability (CVE-2022-21907) is severe. Unauthorized attackers can exploit this vulnerability by sending specially crafted request packets to execute arbitrary code remotely. This vulnerability is officially marked as a risk that may cause worms. Please perform security self-check and security hardening in a timely manner to reduce attack risks.

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Microsoft Windows, Microsoft Office, Microsoft Exchange Server, Microsoft Visual Studio Code

IV. Vulnerability Details

CVE ID

Name

Severity

Affected Product

CVE-2022-21907

HTTP Protocol Stack remote code execution vulnerability

Important

Windows 10, Windows 11, Windows Server 2019/2022, Windows Server, version 20H2

CVE-2021-22947

Open source Curl remote code execution vulnerability

Important

Windows 10, Windows 11, Windows Server 2019/2022, Windows Server, version 20H2

CVE-2022-21846

Microsoft Exchange Server remote code execution vulnerability

Important

Microsoft Exchange Server 2013/2016/2019

CVE-2022-21857

Active directory domain services privilege elevation vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server, version 20H2

CVE-2022-21840

Microsoft Office remote code execution vulnerability

Important

Microsoft 365 Apps, Microsoft Excel 2013/2013RT/2016, Microsoft Office 2013/2013RT/2016/2019, Microsoft Office 2019 for Mac, Microsoft Office LTSC 2021, Microsoft Office LTSC for Mac 2021, Microsoft Office Online Server, Microsoft Office Web Apps Server 2013, Microsoft SharePoint Enterprise Server 2013/2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server Subscription Edition

CVE-2022-21917

HEVC Video Extensions remote code execution vulnerability

Important

HEVC Video Extensions

CVE-2022-21833

Virtual Machine IDE drive elevation of privilege vulnerability

Important

Windows 10, Windows 8.1/RT 8.1, Windows 7, Windows 11, Windows Server 2008/2008R/2012/2012R/2016/2019/2022, Windows Server, version 20H2

CVE-2022-21898

DirectX Graphics kernel remote code execution vulnerability

Important

Windows 10, Windows Server 2019/2022, Windows Server, version 20H2

CVE-2022-21912

DirectX Graphics kernel remote code execution vulnerability

Important

Windows 10, Windows Server 2019, Windows Server, version 20H2

(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)

V. Security Recommendations

1. Use Windows Update or download patches from the following address to fix the vulnerabilities:

https://msrc.microsoft.com/update-guide

2. Back up data remotely to protect your data.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.