Styczniowy Patch Tuesday Microsoftu

utworzone przez | sty 12, 2022 | Aktualizacje

Microsoft 11 stycznia 2022 roku wydał nowy pakiet aktualizacji bezpieczeństwa w ramach comiesięcznego Patch Tuesday. Wydano łącznie 126 poprawki bezpieczeństwa, w tym 6 oznaczonych jako krytyczne.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Framework Denial of Service Vulnerability
CVE-2022-21911 No No Less Likely Less Likely Important 7.5 6.5
Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-21857 No No Less Likely Less Likely Critical 8.8 7.7
Chromium: CVE-2022-0096 Use after free in Storage
CVE-2022-0096 No No
Chromium: CVE-2022-0097 Inappropriate implementation in DevTools
CVE-2022-0097 No No
Chromium: CVE-2022-0098 Use after free in Screen Capture
CVE-2022-0098 No No
Chromium: CVE-2022-0099 Use after free in Sign-in
CVE-2022-0099 No No
Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API
CVE-2022-0100 No No
Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks
CVE-2022-0101 No No
Chromium: CVE-2022-0102 Type Confusion in V8
CVE-2022-0102 No No
Chromium: CVE-2022-0103 Use after free in SwiftShader
CVE-2022-0103 No No
Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE
CVE-2022-0104 No No
Chromium: CVE-2022-0105 Use after free in PDF
CVE-2022-0105 No No
Chromium: CVE-2022-0106 Use after free in Autofill
CVE-2022-0106 No No
Chromium: CVE-2022-0107 Use after free in File Manager API
CVE-2022-0107 No No
Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
CVE-2022-0108 No No
Chromium: CVE-2022-0109 Inappropriate implementation in Autofill
CVE-2022-0109 No No
Chromium: CVE-2022-0110 Incorrect security UI in Autofill
CVE-2022-0110 No No
Chromium: CVE-2022-0111 Inappropriate implementation in Navigation
CVE-2022-0111 No No
Chromium: CVE-2022-0112 Incorrect security UI in Browser UI
CVE-2022-0112 No No
Chromium: CVE-2022-0113 Inappropriate implementation in Blink
CVE-2022-0113 No No
Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial
CVE-2022-0114 No No
Chromium: CVE-2022-0115 Uninitialized Use in File API
CVE-2022-0115 No No
Chromium: CVE-2022-0116 Inappropriate implementation in Compositing
CVE-2022-0116 No No
Chromium: CVE-2022-0117 Policy bypass in Service Workers
CVE-2022-0117 No No
Chromium: CVE-2022-0118 Inappropriate implementation in WebShare
CVE-2022-0118 No No
Chromium: CVE-2022-0120 Inappropriate implementation in Passwords
CVE-2022-0120 No No
Clipboard User Service Elevation of Privilege Vulnerability
CVE-2022-21869 No No Less Likely Less Likely Important 7.0 6.1
Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2022-21865 No No Less Likely Less Likely Important 7.0 6.1
DirectX Graphics Kernel File Denial of Service Vulnerability
CVE-2022-21918 No No Less Likely Less Likely Important 6.5 5.7
DirectX Graphics Kernel Remote Code Execution Vulnerability
CVE-2022-21912 No No Less Likely Less Likely Critical 7.8 6.8
CVE-2022-21898 No No Less Likely Less Likely Critical 7.8 6.8
HEVC Video Extensions Remote Code Execution Vulnerability
CVE-2022-21917 No No Less Likely Less Likely Critical 7.8 7.0
HTTP Protocol Stack Remote Code Execution Vulnerability
CVE-2022-21907 No No More Likely More Likely Critical 9.8 8.5
Libarchive Remote Code Execution Vulnerability
CVE-2021-36976 Yes No Less Likely Less Likely Important
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass
CVE-2022-21913 No No Less Likely Less Likely Important 5.3 4.8
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
CVE-2022-21884 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability
CVE-2022-21910 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2022-21835 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
CVE-2022-21871 No No Less Likely Less Likely Important 7.0 6.1
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVE-2022-21891 No No Less Likely Less Likely Important 7.6 6.6
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVE-2022-21932 No No Less Likely Less Likely Important 7.6 6.6
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-21954 No No Less Likely Less Likely Important 6.1 5.3
CVE-2022-21970 No No Less Likely Less Likely Important 6.1 5.3
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2022-21929 No No Less Likely Less Likely Moderate 2.5 2.3
CVE-2022-21930 No No Less Likely Less Likely Important 4.2 3.8
CVE-2022-21931 No No Less Likely Less Likely Important 4.2 3.8
Microsoft Excel Remote Code Execution Vulnerability
CVE-2022-21841 No No Less Likely Less Likely Important 7.8 6.8
Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2022-21846 No No More Likely More Likely Critical 9.0 7.8
CVE-2022-21855 No No More Likely More Likely Important 9.0 7.8
CVE-2022-21969 No No More Likely More Likely Important 9.0 7.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-21840 No No Less Likely Less Likely Critical 8.8 7.7
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-21837 No No Less Likely Less Likely Important 8.3 7.2
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-21842 No No Less Likely Less Likely Important 7.8 6.8
Open Source Curl Remote Code Execution Vulnerability
CVE-2021-22947 Yes No Less Likely Less Likely Critical
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-21850 No No Less Likely Less Likely Important 8.8 7.7
CVE-2022-21851 No No Less Likely Less Likely Important 8.8 7.7
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability
CVE-2022-21964 No No Less Likely Less Likely Important 5.5 4.8
Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2022-21893 No No Less Likely Less Likely Important 8.8 7.7
Remote Procedure Call Runtime Remote Code Execution Vulnerability
CVE-2022-21922 No No Less Likely Less Likely Important 8.8 7.7
Secure Boot Security Feature Bypass Vulnerability
CVE-2022-21894 No No Less Likely Less Likely Important 5.5 4.8
Storage Spaces Controller Information Disclosure Vulnerability
CVE-2022-21877 No No Less Likely Less Likely Important 5.5 4.8
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
CVE-2022-21870 No No Less Likely Less Likely Important 7.0 6.1
Task Flow Data Engine Elevation of Privilege Vulnerability
CVE-2022-21861 No No Less Likely Less Likely Important 7.0 6.1
Tile Data Repository Elevation of Privilege Vulnerability
CVE-2022-21873 No No Less Likely Less Likely Important 7.0 6.1
Virtual Machine IDE Drive Elevation of Privilege Vulnerability
CVE-2022-21833 No No Less Likely Less Likely Critical 7.8 6.8
Win32k Elevation of Privilege Vulnerability
CVE-2022-21882 No No More Likely More Likely Important 7.0 6.1
CVE-2022-21887 No No More Likely More Likely Important 7.0 6.1
Win32k Information Disclosure Vulnerability
CVE-2022-21876 No No Less Likely Less Likely Important 5.5 4.8
Windows Accounts Control Elevation of Privilege Vulnerability
CVE-2022-21859 No No Less Likely Less Likely Important 7.0 6.1
Windows AppContracts API Server Elevation of Privilege Vulnerability
CVE-2022-21860 No No Less Likely Less Likely Important 7.0 6.1
Windows Application Model Core API Elevation of Privilege Vulnerability
CVE-2022-21862 No No Less Likely Less Likely Important 7.0 6.1
Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability
CVE-2022-21925 No No Less Likely Less Likely Important 5.5 4.8
Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVE-2022-21858 No No Less Likely Less Likely Important 7.8 6.8
Windows Certificate Spoofing Vulnerability
CVE-2022-21836 Yes No Less Likely Less Likely Important 7.8 7.0
Windows Cleanup Manager Elevation of Privilege Vulnerability
CVE-2022-21838 No No Less Likely Less Likely Important 5.5 4.8
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2022-21916 No No More Likely More Likely Important 7.8 6.8
CVE-2022-21897 No No More Likely More Likely Important 7.8 6.8
Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2022-21852 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-21902 No No Less Likely Less Likely Important 7.8 6.8
CVE-2022-21896 No No Less Likely Less Likely Important 7.0 6.1
Windows Defender Application Control Security Feature Bypass Vulnerability
CVE-2022-21906 No No Less Likely Less Likely Important 5.5 4.8
Windows Defender Credential Guard Security Feature Bypass Vulnerability
CVE-2022-21921 No No Less Likely Less Likely Important 4.4 3.9
Windows Devices Human Interface Elevation of Privilege Vulnerability
CVE-2022-21868 No No Less Likely Less Likely Important 7.0 6.1
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
CVE-2022-21839 Yes No Less Likely Less Likely Important 6.1 5.5
Windows Event Tracing Elevation of Privilege Vulnerability
CVE-2022-21872 No No Less Likely Less Likely Important 7.0 6.1
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2022-21899 No No Less Likely Less Likely Important 5.5 4.8
Windows GDI Elevation of Privilege Vulnerability
CVE-2022-21903 No No More Likely More Likely Important 7.0 6.1
Windows GDI Information Disclosure Vulnerability
CVE-2022-21904 No No Less Likely Less Likely Important 7.5 6.5
Windows GDI+ Information Disclosure Vulnerability
CVE-2022-21915 No No Less Likely Less Likely Important 6.5 5.7
CVE-2022-21880 No No Less Likely Less Likely Important 7.5 6.5
Windows Geolocation Service Remote Code Execution Vulnerability
CVE-2022-21878 No No Less Likely Less Likely Important 7.8 6.8
Windows Hyper-V Denial of Service Vulnerability
CVE-2022-21847 No No Less Likely Less Likely Important 6.5 5.7
Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-21901 No No Less Likely Less Likely Important 9.0 7.8
Windows Hyper-V Security Feature Bypass Vulnerability
CVE-2022-21900 No No Less Likely Less Likely Important 4.6 4.0
CVE-2022-21905 No No Less Likely Less Likely Important 4.6 4.0
Windows IKE Extension Denial of Service Vulnerability
CVE-2022-21843 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-21883 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-21848 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-21889 No No Less Likely Less Likely Important 7.5 6.5
CVE-2022-21890 No No Less Likely Less Likely Important 7.5 6.7
Windows IKE Extension Remote Code Execution Vulnerability
CVE-2022-21849 No No Less Likely Less Likely Important 9.8 8.5
Windows Installer Elevation of Privilege Vulnerability
CVE-2022-21908 No No More Likely More Likely Important 7.8 6.8
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-21920 No No Less Likely Less Likely Important 8.8 7.7
Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-21879 No No Less Likely Less Likely Important 5.5 4.8
CVE-2022-21881 No No More Likely More Likely Important 7.0 6.1
Windows Modern Execution Server Remote Code Execution Vulnerability
CVE-2022-21888 No No Less Likely Less Likely Important 7.8 6.8
Windows Push Notifications Apps Elevation Of Privilege Vulnerability
CVE-2022-21867 No No Less Likely Less Likely Important 7.0 6.1
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2022-21885 No No More Likely More Likely Important 7.8 6.8
CVE-2022-21914 No No More Likely More Likely Important 7.8 6.8
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
CVE-2022-21892 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21958 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21959 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21960 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21961 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21962 No No Less Likely Less Likely Important 6.8 6.1
CVE-2022-21963 No No Less Likely Less Likely Important 6.4 5.6
CVE-2022-21928 No No Less Likely Less Likely Important 6.3 5.7
Windows Security Center API Remote Code Execution Vulnerability
CVE-2022-21874 Yes No Less Likely Less Likely Important 7.8 6.8
Windows StateRepository API Server file Elevation of Privilege Vulnerability
CVE-2022-21863 No No Less Likely Less Likely Important 7.0 6.1
Windows Storage Elevation of Privilege Vulnerability
CVE-2022-21875 No No Less Likely Less Likely Important 7.0 6.1
Windows System Launcher Elevation of Privilege Vulnerability
CVE-2022-21866 No No Less Likely Less Likely Important 7.0 6.1
Windows UI Immersive Server API Elevation of Privilege Vulnerability
CVE-2022-21864 No No Less Likely Less Likely Important 7.0 6.1
Windows User Profile Service Elevation of Privilege Vulnerability
CVE-2022-21919 Yes No More Likely More Likely Important 7.0 6.3
CVE-2022-21895 No No Less Likely Less Likely Important 7.8 6.8
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
CVE-2022-21834 No No Less Likely Less Likely Important 7.0 6.1
Workstation Service Remote Protocol Security Feature Bypass Vulnerability
CVE-2022-21924 No No Less Likely Less Likely Important 5.3 4.8