This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| .NET Framework | CVE-2022-21911 | .NET Framework Denial of Service Vulnerability |
| Microsoft Dynamics | CVE-2022-21932 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
| Microsoft Dynamics | CVE-2022-21891 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-0105 | Chromium: CVE-2022-0105 Use after free in PDF |
| Microsoft Edge (Chromium-based) | CVE-2022-0102 | Chromium: CVE-2022-0102 Type Confusion in V8 |
| Microsoft Edge (Chromium-based) | CVE-2022-0104 | Chromium: CVE-2022-0104 Heap buffer overflow in ANGLE |
| Microsoft Edge (Chromium-based) | CVE-2022-0101 | Chromium: CVE-2022-0101 Heap buffer overflow in Bookmarks |
| Microsoft Edge (Chromium-based) | CVE-2022-0103 | Chromium: CVE-2022-0103 Use after free in SwiftShader |
| Microsoft Edge (Chromium-based) | CVE-2022-0109 | Chromium: CVE-2022-0109 Inappropriate implementation in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2022-0110 | Chromium: CVE-2022-0110 Incorrect security UI in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2022-0108 | Chromium: CVE-2022-0108 Inappropriate implementation in Navigation |
| Microsoft Edge (Chromium-based) | CVE-2022-0106 | Chromium: CVE-2022-0106 Use after free in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2022-0107 | Chromium: CVE-2022-0107 Use after free in File Manager API |
| Microsoft Edge (Chromium-based) | CVE-2022-21954 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-21970 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-21931 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-21929 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-21930 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2022-0099 | Chromium: CVE-2022-0099 Use after free in Sign-in |
| Microsoft Edge (Chromium-based) | CVE-2022-0100 | Chromium: CVE-2022-0100 Heap buffer overflow in Media streams API |
| Microsoft Edge (Chromium-based) | CVE-2022-0098 | Chromium: CVE-2022-0098 Use after free in Screen Capture |
| Microsoft Edge (Chromium-based) | CVE-2022-0096 | Chromium: CVE-2022-0096 Use after free in Storage |
| Microsoft Edge (Chromium-based) | CVE-2022-0097 | Chromium: CVE-2022-0097 Inappropriate implementation in DevTools |
| Microsoft Edge (Chromium-based) | CVE-2022-0116 | Chromium: CVE-2022-0116 Inappropriate implementation in Compositing |
| Microsoft Edge (Chromium-based) | CVE-2022-0117 | Chromium: CVE-2022-0117 Policy bypass in Service Workers |
| Microsoft Edge (Chromium-based) | CVE-2022-0115 | Chromium: CVE-2022-0115 Uninitialized Use in File API |
| Microsoft Edge (Chromium-based) | CVE-2022-0113 | Chromium: CVE-2022-0113 Inappropriate implementation in Blink |
| Microsoft Edge (Chromium-based) | CVE-2022-0114 | Chromium: CVE-2022-0114 Out of bounds memory access in Web Serial |
| Microsoft Edge (Chromium-based) | CVE-2022-0118 | Chromium: CVE-2022-0118 Inappropriate implementation in WebShare |
| Microsoft Edge (Chromium-based) | CVE-2022-0111 | Chromium: CVE-2022-0111 Inappropriate implementation in Navigation |
| Microsoft Edge (Chromium-based) | CVE-2022-0112 | Chromium: CVE-2022-0112 Incorrect security UI in Browser UI |
| Microsoft Edge (Chromium-based) | CVE-2022-0120 | Chromium: CVE-2022-0120 Inappropriate implementation in Passwords |
| Microsoft Exchange Server | CVE-2022-21969 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2022-21855 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2022-21904 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2022-21903 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2022-21915 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability |
| Microsoft Office | CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2022-21837 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office Word | CVE-2022-21842 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2022-21917 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Open Source Software | CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability |
| Role: Windows Hyper-V | CVE-2022-21901 | Windows Hyper-V Elevation of Privilege Vulnerability |
| Role: Windows Hyper-V | CVE-2022-21900 | Windows Hyper-V Security Feature Bypass Vulnerability |
| Role: Windows Hyper-V | CVE-2022-21905 | Windows Hyper-V Security Feature Bypass Vulnerability |
| Role: Windows Hyper-V | CVE-2022-21847 | Windows Hyper-V Denial of Service Vulnerability |
| Tablet Windows User Interface | CVE-2022-21870 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability |
| Windows Account Control | CVE-2022-21859 | Windows Accounts Control Elevation of Privilege Vulnerability |
| Windows Active Directory | CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| Windows AppContracts API Server | CVE-2022-21860 | Windows AppContracts API Server Elevation of Privilege Vulnerability |
| Windows Application Model | CVE-2022-21862 | Windows Application Model Core API Elevation of Privilege Vulnerability |
| Windows BackupKey Remote Protocol | CVE-2022-21925 | Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability |
| Windows Bind Filter Driver | CVE-2022-21858 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| Windows Certificates | CVE-2022-21836 | Windows Certificate Spoofing Vulnerability |
| Windows Cleanup Manager | CVE-2022-21838 | Windows Cleanup Manager Elevation of Privilege Vulnerability |
| Windows Clipboard User Service | CVE-2022-21869 | Clipboard User Service Elevation of Privilege Vulnerability |
| Windows Cluster Port Driver | CVE-2022-21910 | Microsoft Cluster Port Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2022-21897 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2022-21916 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Connected Devices Platform Service | CVE-2022-21865 | Connected Devices Platform Service Elevation of Privilege Vulnerability |
| Windows Cryptographic Services | CVE-2022-21835 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| Windows Defender | CVE-2022-21921 | Windows Defender Credential Guard Security Feature Bypass Vulnerability |
| Windows Defender | CVE-2022-21906 | Windows Defender Application Control Security Feature Bypass Vulnerability |
| Windows Devices Human Interface | CVE-2022-21868 | Windows Devices Human Interface Elevation of Privilege Vulnerability |
| Windows Diagnostic Hub | CVE-2022-21871 | Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability |
| Windows DirectX | CVE-2022-21898 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| Windows DirectX | CVE-2022-21918 | DirectX Graphics Kernel File Denial of Service Vulnerability |
| Windows DirectX | CVE-2022-21912 | DirectX Graphics Kernel Remote Code Execution Vulnerability |
| Windows DWM Core Library | CVE-2022-21852 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| Windows DWM Core Library | CVE-2022-21902 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| Windows DWM Core Library | CVE-2022-21896 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2022-21872 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability |
| Windows Geolocation Service | CVE-2022-21878 | Windows Geolocation Service Remote Code Execution Vulnerability |
| Windows HTTP Protocol Stack | CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability |
| Windows IKE Extension | CVE-2022-21843 | Windows IKE Extension Denial of Service Vulnerability |
| Windows IKE Extension | CVE-2022-21890 | Windows IKE Extension Denial of Service Vulnerability |
| Windows IKE Extension | CVE-2022-21883 | Windows IKE Extension Denial of Service Vulnerability |
| Windows IKE Extension | CVE-2022-21889 | Windows IKE Extension Denial of Service Vulnerability |
| Windows IKE Extension | CVE-2022-21848 | Windows IKE Extension Denial of Service Vulnerability |
| Windows IKE Extension | CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability |
| Windows Installer | CVE-2022-21908 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Kerberos | CVE-2022-21920 | Windows Kerberos Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2022-21881 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2022-21879 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Libarchive | CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability |
| Windows Local Security Authority | CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass |
| Windows Local Security Authority Subsystem Service | CVE-2022-21884 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability |
| Windows Modern Execution Server | CVE-2022-21888 | Windows Modern Execution Server Remote Code Execution Vulnerability |
| Windows Push Notifications | CVE-2022-21867 | Windows Push Notifications Apps Elevation Of Privilege Vulnerability |
| Windows RDP | CVE-2022-21851 | Remote Desktop Client Remote Code Execution Vulnerability |
| Windows RDP | CVE-2022-21850 | Remote Desktop Client Remote Code Execution Vulnerability |
| Windows RDP | CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability |
| Windows Remote Access Connection Manager | CVE-2022-21914 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Access Connection Manager | CVE-2022-21885 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Desktop | CVE-2022-21964 | Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability |
| Windows Remote Procedure Call Runtime | CVE-2022-21922 | Remote Procedure Call Runtime Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21961 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21959 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21958 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21960 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21963 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21892 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21962 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Resilient File System (ReFS) | CVE-2022-21928 | Windows Resilient File System (ReFS) Remote Code Execution Vulnerability |
| Windows Secure Boot | CVE-2022-21894 | Secure Boot Security Feature Bypass Vulnerability |
| Windows Security Center | CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability |
| Windows StateRepository API | CVE-2022-21863 | Windows StateRepository API Server file Elevation of Privilege Vulnerability |
| Windows Storage | CVE-2022-21875 | Windows Storage Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2022-21877 | Storage Spaces Controller Information Disclosure Vulnerability |
| Windows System Launcher | CVE-2022-21866 | Windows System Launcher Elevation of Privilege Vulnerability |
| Windows Task Flow Data Engine | CVE-2022-21861 | Task Flow Data Engine Elevation of Privilege Vulnerability |
| Windows Tile Data Repository | CVE-2022-21873 | Tile Data Repository Elevation of Privilege Vulnerability |
| Windows UEFI | CVE-2022-21899 | Windows Extensible Firmware Interface Security Feature Bypass Vulnerability |
| Windows UI Immersive Server | CVE-2022-21864 | Windows UI Immersive Server API Elevation of Privilege Vulnerability |
| Windows User Profile Service | CVE-2022-21895 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows User Profile Service | CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability |
| Windows User-mode Driver Framework | CVE-2022-21834 | Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability |
| Windows Virtual Machine IDE Drive | CVE-2022-21833 | Virtual Machine IDE Drive Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2022-21876 | Win32k Information Disclosure Vulnerability |
| Windows Win32K | CVE-2022-21887 | Win32k Elevation of Privilege Vulnerability |
| Windows Workstation Service Remote Protocol | CVE-2022-21924 | Workstation Service Remote Protocol Security Feature Bypass Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21852 MITRE NVD |
CVE Title: Windows DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21852 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21852 | He YiSheng, Zhang WangJunJie, and Li WenYue with Hillstone Network Security Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-22947 MITRE NVD |
CVE Title: Open Source Curl Remote Code Execution Vulnerability
CVSS: None FAQ: Why is this a Hacker One CVE? This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The January 2022 Windows Security Updates includes the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addressed. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-22947 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-22947 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-36976 MITRE NVD |
CVE Title: Libarchive Remote Code Execution Vulnerability
CVSS: None FAQ: Why is this a MITRE Corporation CVE? CVE-2021-36976 is regarding a vulnerability in the libarchive open source library which is used by Windows. The January 2022 Windows Security Updates include the most recent version of this library which addresses the vulnerability and others. Please see libarchive CVEs for more information regarding all of the vulnerabilities that have been addressed. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36976 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Remote Code Execution | 5008206 | Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Remote Code Execution | 5008215 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Remote Code Execution | 5008218 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Remote Code Execution | 5008223 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Remote Code Execution | 5008212 |
Base: N/A Temporal: N/A Vector: N/A |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36976 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21919 MITRE NVD |
CVE Title: Windows User Profile Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21919 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.3 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21919 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21918 MITRE NVD |
CVE Title: DirectX Graphics Kernel File Denial of Service Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21918 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Denial of Service | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Denial of Service | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Denial of Service | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Denial of Service | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21918 | HongZhenhao of Ant Group Light-Year Security Lab
|
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21917 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: How could this vulnerability affect my system A crafted image file could cause a crash in Explorer during browsing of the directory containing the file. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.43421.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.43422.0 and later contain this update. You can check the package version in PowerShell:
How would an attacker exploit this vulnerability? This vulnerability would require an authenticated victim to be tricked into opening a specially crafted media file which could result in remote code execution on the victim's machine. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21917 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Upadate Information (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2022-21917 | Dhanesh Kizhakkinan with Mandiant |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21915 MITRE NVD |
CVE Title: Windows GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21915 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Information Disclosure | 5008230 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Information Disclosure | 5008206 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Information Disclosure | 5008215 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Information Disclosure | 5008274 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Information Disclosure | 5008244 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Information Disclosure | 5008277 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Information Disclosure | 5008263 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Information Disclosure | 5008207 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Information Disclosure | 5008218 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Information Disclosure | 5008223 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Information Disclosure | 5008212 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21915 | Gábor Selján |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21932 MITRE NVD |
CVE Title: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVSS: CVSS:3.1 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21932 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 Customer Engagement V9.0 | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Unknown | |
| Microsoft Dynamics 365 Customer Engagement V9.1 | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2022-21932 | Pham Van Khanh @rskvp93 from Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21833 MITRE NVD |
CVE Title: Virtual Machine IDE Drive Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21833 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21833 | Microsoft Offensive Research & Security Engineering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21834 MITRE NVD |
CVE Title: Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21834 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21834 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21835 MITRE NVD |
CVE Title: Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21835 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Elevation of Privilege | 5008274 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21835 | Xuefeng Li and Zhiniang Peng with Sangfor |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21836 MITRE NVD |
CVE Title: Windows Certificate Spoofing Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: What security feature is bypassed with this vulnerability? A successful attacker could bypass the WPBT binary verification by using a small number of compromised certificates. Microsoft has added those certificates to the Windows kernel driver block list, driver.stl. Certificates on the driver.stl will be blocked even if present in the Windows Platform Binary Table (WPBT). In addition, Microsoft recommends customers use Windows Defender Application Control (WDAC) to limit what is allowed to run on their devices. WDAC policy is also enforced for binaries included in the WPBT and should mitigate this issue. We recommend customers implement a WDAC policy that is as restrictive as practical for their environment. You can find documentation on WDAC on https://docs.microsoft.com. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21836 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Spoofing | 5008230 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Spoofing | 5008230 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Spoofing | 5008206 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Spoofing | 5008215 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Spoofing | 5008215 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Important | Spoofing | 5008274 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Spoofing | 5008244 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Spoofing | 5008277 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Spoofing | 5008277 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Spoofing | 5008263 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Spoofing | 5008207 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Spoofing | 5008218 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Spoofing | 5008223 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Spoofing | 5008223 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Spoofing | 5008212 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21836 | Mickey Shkatov |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21838 MITRE NVD |
CVE Title: Windows Cleanup Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 5.5/4.8
FAQ: What privileges does the attacker gain? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21838 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Important | Elevation of Privilege | 5008277 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21838 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21839 MITRE NVD |
CVE Title: Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability
CVSS: CVSS:3.1 6.1/5.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21839 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Denial of Service | 5008218 |
Base: 6.1 Temporal: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21839 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21840 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Are the updates for the Microsoft Office for Mac currently available? The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21840 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2013 RT Service Pack 1 | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002128 (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 5002114 (Security Update) | Critical | Remote Code Execution | 5002098 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002114 (Security Update) | Critical | Remote Code Execution | 5002098 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 RT Service Pack 1 | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002064 (Security Update) 5002124 (Security Update) 4462205 (Security Update) |
Critical | Remote Code Execution | 5001985 5002104 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 5002060 (Security Update) 5002115 (Security Update) 5002052 (Security Update) |
Critical | Remote Code Execution | 5001982 5002099 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5002060 (Security Update) 5002115 (Security Update) 5002052 (Security Update) |
Critical | Remote Code Execution | 5001982 5002099 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Critical | Remote Code Execution | None | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| Microsoft Office Online Server | 5002107 (Security Update) | Critical | Remote Code Execution | 5002097 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002122 (Security Update) | Critical | Remote Code Execution | 5002103 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5001995 (Security Update) 5002102 (Security Update) |
Critical | Remote Code Execution | 4011599 5002063 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 5002113 (Security Update) 5002118 (Security Update) |
Critical | Remote Code Execution | 5002055 5002059 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002127 (Security Update) 5002129 (Security Update) |
Critical | Remote Code Execution | 5002071 5002015 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5002109 (Security Update) 5002108 (Security Update) |
Critical | Remote Code Execution | 5002054 5002061 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server Subscription Edition | 5002111 (Security Update) | Critical | Remote Code Execution | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe | |
| SharePoint Server Subscription Edition Language Pack | 5002110 (Security Update) | Critical | Remote Code Execution | 5002047 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2022-21840 | Anonymous Finder |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21841 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Are the updates for the Microsoft Office for Mac currently available? The security update for Microsoft Office 2019 for Mac and Microsoft Office LTSC for Mac 2021 are not immediately available. The updates will be released as soon as possible, and when they are available, customers will be notified via a revision to this CVE information. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21841 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2013 RT Service Pack 1 | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002119 (Security Update) | Important | Remote Code Execution | 5002101 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 5002116 (Security Update) | Important | Remote Code Execution | 5002033 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5002116 (Security Update) | Important | Remote Code Execution | 5002033 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office LTSC for Mac 2021 | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2022-21841 | Jaanus Kääp with Clarified Security Jaanus Kääp with Clarified Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21857 MITRE NVD |
CVE Title: Active Directory Domain Services Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 8.8/7.7
FAQ: What is the scope of this security update? This update resolves an elevation of privilege vulnerability specific to Active Directory Domain Services environments with incoming trusts. Prior to this update, an attacker could elevate privileges across the trust boundary under certain conditions. Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21857 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Critical | Elevation of Privilege | 5008230 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Critical | Elevation of Privilege | 5008206 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Critical | Elevation of Privilege | 5008215 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5009627 (Monthly Rollup) 5009601 (Security Only) |
Critical | Elevation of Privilege | 5008274 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Critical | Elevation of Privilege | 5008244 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5009586 (Monthly Rollup) 5009619 (Security Only) |
Critical | Elevation of Privilege | 5008277 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Critical | Elevation of Privilege | 5008263 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Critical | Elevation of Privilege | 5008207 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Critical | Elevation of Privilege | 5008218 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Critical | Elevation of Privilege | 5008223 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Critical | Elevation of Privilege | 5008212 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21857 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21858 MITRE NVD |
CVE Title: Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21858 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for ARM64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 11 for x64-based Systems | 5009566 (Security Update) | Important | Elevation of Privilege | 5008215 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21858 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21859 MITRE NVD |
CVE Title: Windows Accounts Control Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21859 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5009585 (Security Update) | Important | Elevation of Privilege | 5008230 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5009545 (Security Update) | Important | Elevation of Privilege | 5008206 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for 32-bit Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for ARM64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H2 for x64-based Systems | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5009610 (Monthly Rollup) 5009621 (Security Only) |
Important | Elevation of Privilege | 5008244 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5009624 (Monthly Rollup) | Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5009624 (Monthly Rollup) 5009595 (Security Only) |
Important | Elevation of Privilege | 5008263 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5009546 (Security Update) | Important | Elevation of Privilege | 5008207 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5009557 (Security Update) | Important | Elevation of Privilege | 5008218 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5009555 (Security Update) | Important | Elevation of Privilege | 5008223 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5009543 (Security Update) | Important | Elevation of Privilege | 5008212 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2022-21859 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2022-21860 MITRE NVD |
CVE Title: Windows AppContracts API Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2022-01-11T08:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2022-21860 | ||||||
| Product | <||||||