CYBERSECURITY PADAWAN

The Patch Tuesday January bout brings 29 security- and non-security-related updates, including four issues rated as “Important”. Meanwhile, the Log4J hunt continues, with Microsoft identifying (and patching) additional log4j-related vulnerabilities, all of them discovered weeks after the initial December disclosure. Most of the updates released by Microsoft revolved around the Chromium-based Edge browser, designed to resolve exploits such as Remote Code Execution and Elevation of Privileges.

Patch Tuesday January 2022 Roundup

Although not as galloping as December’s bout, Patch Tuesday January 2022 does have its own high notes. Microsoft’s Chromium-based browser received numerous improvements – 29, to be precise– including four patches for issues previously labeled as “Important”. The issues in question are CVE-2022-21970, CVE-22022-21930, CVE-2022-21931, and CVE-2022-21954. Microsoft’s list also contains an exploit labeled as “Moderate” – CVE-2022-21929. Apart from the patches included in the company’s monthly advisory, we should also expect patches, updates, and miscellaneous improvements for Adobe’s Acrobat Reader, Thunderbird, and Microsoft Exchange Server.

CVE-2022-21930 – Chromium-based RCE (Remote Code Execution)

A design flaw in an undisclosed Microsoft Edge component would allow a threat actor to remotely execute arbitrary code on the victim’s machine without privilege escalation. The issue was marked as solved. A security patch is available for download.

CVE-2022-21929 – Chromium-based RCE (Remote Code Execution)

Threat actors may leverage a design flaw in Microsoft Edge for the purpose of executing malicious code on the victim’s machine. CVE-2022-21929 has received an official fix at the beginning of January 2022.

CVE-2022-21931 – Chromium-based RCE (Remote Code Execution)

A flawed Edge component can be leveraged by a threat actor to execute arbitrary code on the victim’s machine. Microsoft noted that the attack surface is local-only. The threat actor does not require elevated privileges to execute the malicious package.

CVE-2022-21954 – Chromium-based Elevation of Privilege

A flaw discovered in one of Edge’s components may be leveraged by a threat actor to obtain higher privileges. The attack vector is network only. Microsoft marked the issue as resolved. A patch is available for download.

CVE-2022-21970 – Chromium-based Elevation of Privilege

A defective Chromium-based Microsoft Edge component may be leveraged by a threat actor to gain elevated privileges on the victim’s machine. The attack surface is local-only. Microsoft has already pushed a security patch to solve the issue.

Additional Cybersecurity Advice

Grabbing the latest security and non-security patches is but one of the steps you’ll need to take in order to secure your business infrastructure. For those of you who want to play it safe, here are some more actions you can take.

  • Automate your patching flow. Handling numerous licensed software can become challenging even for the aptest IT administrator. The best way to ensure that all your endpoints’ apps and software are up-to-speed, security-wise, you should find a way to automate your patching flow. Heimdal™ Patch & Asset Management can greatly enhance your patching game, allowing you to deliver 3rd party, Windows, proprietary, and Microsoft Optional Updates to any endpoint or server, regardless of their locations or time-zones.
  • First come, first served. Prioritize your patches – security patches should always be deployed before the optional ones.
  • Being the early bird. Deploy the security patches as soon as they become available. In traditional patching, the IT admin would’ve had to work out a seek-download-and-deploy schedule and stick by it. With automatic patching, this issue is a thing of the past.
  • Vulnerability scanning. Apart from deploying the latest security patches, you should also conduct your own vulnerability scanning to identify hidden flaws. From there, you can either download/request a patch from the software’s vendor or develop one yourself.

Conclusion

Patch Tuesday December 2022 was more about Microsoft’s Chromium-based browser than other issues.  Log4j’s legacy lives on and it would be some time until the issue’s sorted out. As always, stay safe, don’t click on dubious links, subscribe, and email me if you have any more questions.

Additional resources:

Did you enjoy this article? Follow us on LinkedInTwitterFacebookYoutube, or Instagram to keep up to date with everything we post!

Software Patching Statistics: Common Practices and Vulnerabilities [Updated 2021]

A List of Vulnerable Products to the Log4j Vulnerability

All You Need to Know About the New Zero-Day Found in the Log4j Java Library

8 Free and Open Source Patch Management Tools for Your Company

Comments

You may have VPN issues after installing this update.
If thats the case; remove KB5009566 or KB5009543 & reboot.
Know to affect clients connecting to Meraki and Unifi firewalls

Vladimir Unterfingher on January 13, 2022 at 10:45 am

Thanks for the clarification, Severn!

Patch Tuesday December 2022 ???

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP