First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability
Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "wormable" vulnerability.
The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, and SharePoint Server.
Microsoft also resolved six zero-days as part of its Patch Tuesday update, two of which are an integration of third-party fixes concerning the open-source libraries curl and libarchive.
Another critical vulnerability of note concerns a remote code execution flaw in Windows Internet Key Exchange version 2, which Microsoft said could be weaponized by a remote attacker to "trigger multiple vulnerabilities without being authenticated."
On top of that, the patch also remediates a number of remote code execution flaws affecting Exchange Server, Microsoft Office, SharePoint Server, RDP, and Windows Resilient File System as well as privilege escalation vulnerabilities in Active Directory Domain Services, Windows Accounts Control, Windows Cleanup Manager, and Windows Kerberos, among others.
"This massive Patch Tuesday comes during a time of chaos in the security industry whereby professionals are working overtime to remediate Log4Shell - reportedly the worst vulnerability seen in decades," Bharat Jogi, director of vulnerability and threat research at Qualys, said.
News URL
https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html