January 2022 Patch Tuesday forecast: Old is new again

Even though Apache released the zero-day fix for CVE-2021-44228, it takes a while for companies that use this library to update, test, and release a new version.
January 2022 Patch Tuesday forecast
I mentioned Microsoft has been busy addressing several issues already this year, so we may see more than the 29 and 30 vulnerabilities addressed in Windows 11 and 10 respectively.
Updates for most Adobe products were released back on December 14th, so make sure you've included those in your update plan.
One of these vulnerabilities was rated Critical and 10 were High, so definitely update your systems this patch cycle.
Mozilla did not release their usual pre-Patch Tuesday updates for Firefox, Firefox ESR, and Thunderbird, so expect those security updates next week.
With the malicious code in the Atera product and the scramble to patch Apache's Log4Shell vulnerability, this old advice is really new again!
News URL
https://www.helpnetsecurity.com/2022/01/07/january-2022-patch-tuesday-forecast/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products. Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. Attack vector: network; complexity: low; vendors: siemens, apache, intel, debian, fedoraproject, sonicwall, netapp, cisco, snowsoftware, bentley, percussion, apple; CWE-502; severity: critical | 10.0 |