Security News > 2022 > January > First Patch Tuesday of 2022 Brings Fix for a Critical 'Wormable' Windows Vulnerability

Microsoft on Tuesday kicked off its first set of updates for 2022 by plugging 96 security holes across its software ecosystem, while urging customers to prioritize patching for what it calls a critical "Wormable" vulnerability.
The patches cover a swath of the computing giant's portfolio, including Microsoft Windows and Windows Components, Exchange Server, Microsoft Office and Office Components, SharePoint Server,.
Microsoft also resolved six zero-days as part of its Patch Tuesday update, two of which are an integration of third-party fixes concerning the open-source libraries curl and libarchive.
Another critical vulnerability of note concerns a remote code execution flaw in Windows Internet Key Exchange version 2, which Microsoft said could be weaponized by a remote attacker to "Trigger multiple vulnerabilities without being authenticated."
On top of that, the patch also remediates a number of remote code execution flaws affecting Exchange Server, Microsoft Office, SharePoint Server, RDP, and Windows Resilient File System as well as privilege escalation vulnerabilities in Active Directory Domain Services, Windows Accounts Control, Windows Cleanup Manager, and Windows Kerberos, among others.
"This massive Patch Tuesday comes during a time of chaos in the security industry whereby professionals are working overtime to remediate Log4Shell - reportedly the worst vulnerability seen in decades," Bharat Jogi, director of vulnerability and threat Research at Qualys, said.
News URL
https://thehackernews.com/2022/01/first-patch-tuesday-of-2022-brings-fix.html
Related news
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- February 2025 Patch Tuesday forecast: New directions for AI development (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- February's Patch Tuesday sees Microsoft offer just 63 fixes (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)