Skip to main content
Customer Support Customer Support

Microsoft Security Update Revisions Issued: January 14, 2022

TripleHelix
Moderator
Forum|alt.badge.img+63

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

 

************************************************************************************

Title: Microsoft Security Update Revisions

Issued: January 14, 2022

************************************************************************************

 

Summary

=======

 

The following CVEs have undergone revision increments.

======================================================================================

 

* CVE-2022-21840

* CVE-2022-21841

* CVE-2022-21880

* CVE-2022-21882

* CVE-2022-21893

* CVE-2022-21907

* CVE-2022-21913

 

 

 - CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840

 - Version: 2.0

 - Reason for Revision: Microsoft is announcing the availability of the security

   updates for Microsoft Office for Mac. Customers running affected Mac software

   should install the update for their product to be protected from this vulnerability.

   Customers running other Microsoft Office software do not need to take any action.

   See the Release Notes for more information and download links.

 - Originally posted: January 11, 2022

 - Updated: January 13, 2022

 - Aggregate CVE Severity Rating: Critical

 

 - CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21841

 - Version: 2.0

 - Reason for Revision: Microsoft is announcing the availability of the security

   updates for Microsoft Office for Mac. Customers running affected Mac software

   should install the update for their product to be protected from this vulnerability.

   Customers running other Microsoft Office software do not need to take any action.

   See the Release Notes for more information and download links.

 - Originally posted: January 11, 2022

 - Updated: January 13, 2022

 - Aggregate CVE Severity Rating: Important

 

 - CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21880

 - Version: 1.1

 - Reason for Revision: Updated FAQ information. This is an informational change

   only.

 - Originally posted: January 11, 2022

 - Updated: January 14, 2022

 - Aggregate CVE Severity Rating: Important

 

 - CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882

 - Version: 1.1

 - Reason for Revision: Corrected Active Attack entry to Yes. When this 

   information was originally released, Microsoft was aware of limited,

   targeted attacks that attempt to exploit this vulnerability.

 - Originally posted: January 11, 2022

 - Updated: January 13, 2022

 - Aggregate CVE Severity Rating: Important

 

 - CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21893

 - Version: 1.1

 - Reason for Revision: Updated one or more CVSS scores for the affected products.

   This is an informational change only.

 - Originally posted: January 11, 2022

 - Updated: January 13, 2022

 - Aggregate CVE Severity Rating: Important

 

 - CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907

 - Version: 1.1

 - Reason for Revision: Clarified the mitigation and added FAQs. This in an

   informational change only.

 - Originally posted: January 11, 2022

 - Updated: January 12, 2022

 - Aggregate CVE Severity Rating: Critical

 

 - CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol

   Security Feature Bypass

 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21913

 - Version: 1.1

 - Reason for Revision: Added an FAQ. This is an information change only.

 - Originally posted: January 11, 2022

 - Updated: January 13, 2022

 - Aggregate CVE Severity Rating: Important

 

 

Other Information

=================

 

Recognize and avoid fraudulent email to Microsoft customers:

=============================================================

If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email.

 

Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
ProTruckDriver
Jasper_The_Rasper
TripleHelix
3 people like this
  • ProTruckDriver
    ProTruckDriver
  • Jasper_The_Rasper
    Jasper_The_Rasper
  • TripleHelix
    TripleHelix

0 replies

Be the first to reply!

Reply


Terms & Conditions