This week Microsoft released the first patch for 2022 as part of its Patch Tuesday program. It fixes 96 vulnerabilities in various products of the software giant, including 9 critical and 6 zero-day vulnerabilities. The patch contains fixes for Windows, Edge, Exchange Server, Office and other software solutions.
The source notes that Microsoft’s current security patch is “unusually large” compared to what the company has released in the first month of previous years. We highlight some of the most notable vulnerabilities fixed by the patch below.
The developers have fixed CVE-2022-21907, a Windows HTTP Protocol Stack vulnerability that allows remote code execution and can also be used to spread a self-propagating network worm. Microsoft also addressed three remote code execution vulnerabilities in Microsoft Exchange Server: one critical (CVE-2022-21846) and two important (CVE-2022-21969 and CVE-2022-21855). Exploiting the Exchange vulnerabilities does not require any special privileges or user interaction.
We also note the fix for CVE-2022-21840, a critical remote code execution vulnerability in Microsoft Office. No special permissions are required to exploit it, but the attacker would have to interact with the victim to convince them to open a specially crafted malicious file on their computer.
A hotfix will be released at a later date for organizations using Microsoft Office 2019 for Mac and Office LTSC for Mac. In addition, Microsoft has fixed many other security vulnerabilities. The full list can be found on the software giant’s official support page.