January 2022 Monthly Patch Release

Published on 12 Jan 2022

Updated on 12 Jan 2022

Microsoft has released security patches to address multiple vulnerabilities in their software and products.

The vulnerabilities that have been classified as Critical in severity are listed in the table below.

For the full list of security patches released by Microsoft, please refer to https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2022-Jan

CRITICAL VULNERABILITIES
CVE NumberCVE NameBase ScoreReference
CVE-2022-21907HTTP Protocol Stack Remote Code Execution Vulnerability9.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21907
CVE-2022-21846Microsoft Exchange Server Remote Code Execution Vulnerability9.0https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21846
CVE-2022-21840Microsoft Office Remote Code Execution Vulnerability8.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21840
CVE-2022-21857Active Directory Domain Services Elevation of Privilege Vulnerability8.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21857
CVE-2022-21833Virtual Machine IDE Drive Elevation of Privilege Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21833
CVE-2022-21917HEVC Video Extensions Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21917
CVE-2022-21912DirectX Graphics Kernel Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21912
CVE-2022-21898DirectX Graphics Kernel Remote Code Execution Vulnerability7.8https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21898
CVE-2021-22947Open Source Curl Remote Code Execution VulnerabilityTBDhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-22947