Microsoft’s January 2022 Patch Tuesday Addresses 97 CVEs

“Microsoft patched CVE-2022-21907, a critical remote code execution flaw in the HTTP Protocol Stack. To exploit this vulnerability, a remote, unauthenticated attacker could send a specially crafted request to a vulnerable server using the HTTP Protocol Stack. Microsoft warns that this vulnerability is wormable, meaning no human interaction would be required for an attack to spread from system to system. As such, organisations that utilise the HTTP Protocol Stack should prioritise patching this vulnerability as soon as possible.

“Additionally, Microsoft patched three remote code execution vulnerabilities in Microsoft Exchange Server (CVE-2022-21846, CVE-2022-21969, CVE-2022-21855). All three are rated as “exploitation more likely.” One of the flaws, CVE-2022-21846, was disclosed to Microsoft by the National Security Agency. Despite the rating, Microsoft notes the attack vector is adjacent, meaning exploitation will require more legwork for an attacker, unlike the ProxyLogon and ProxyShell vulnerabilities which were remotely exploitable.”

— Satnam Narang, Staff Research Engineer, Tenable
