RV_ Posted January 11, 2022 Report Share Posted January 11, 2022 (edited) I updated my eight systems without any issues with this update. I mention that every month because most regular folks here know I have from older to the newest Intel computer systems, and a wide spread of processors and form factors. If the updates don't kill any of mine the updates are fairly safe. List of my systems at the bottom. If you are one who delays updates I'd suggest getting this set today. Excerpt: "This month's round of security fixes includes patches for publicly-known remote code execution bugs. Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities. In the Redmond giant's latest round of patches, usually released on the second Tuesday of each month in what is known as Patch Tuesday, Microsoft has fixed problems including remote code execution (RCE) exploits, privilege escalation flaws, spoofing issues, and cross-site scripting (XSS) vulnerabilities. Products impacted by January 2022's security update include Microsoft Exchange Server, the Office software line, Windows Defender, Windows Kernel, RDP, Cryptographic Services, Windows Certificate, and Microsoft Teams. The zero-day vulnerabilities resolved in this update are: CVE-2021-22947: HackerOne assigned CVE: An open source Curl RCE allowing for Man-in-The-Middle (MiTM) attacks. CVE-2021-36976: MITRE assigned CVE: An open source Libarchive use-after-free bug leading to RCE. CVE-2022-21874: A local Windows Security Center API RCE vulnerability (CVSS 7.8). CVE-2022-21919: A Windows User Profile Service Elevation of Privilege security issue (CVSS 7.0), PoC exploit code recorded. CVE-2022-21839: Windows Event Tracing Discretionary Access Control List Denial-of-Service (DoS) (CVSS 6.1). CVE-2022-21836: Windows Certificate spoofing, PoC code recorded (CVSS 7.8). None of the zero-day flaws above are known to have been exploited in the wild. A total of 24 vulnerabilities were patched earlier this month in Microsoft Edge (Chromium-based). According to the Zero Day Initiative (ZDI), this volume is unusual for the month of January, with previous years often being roughly half this number. Microsoft has also announced a refreshed Security Update Guide notification system, with standard email addresses now being accepted at signup rather than only Live IDs. Last month, Microsoft published 67 security fixes in the December 2021 Patch Tuesday. Seven critical vulnerabilities were among the issues patched, alongside six zero-day security flaws. One of the zero-days tackled was CVE-2021-43890, a bug in the Windows AppX Installer that is being actively exploited in the wild to spread Emotet, Trickbot, and Bazaloader malware. A month prior, the tech giant tackled 55 vulnerabilities during the November 2021 Patch Tuesday. In recent Microsoft news, earlier this month the company published an emergency fix for a bug impacting on-premise Exchange Servers. A date-check failure glitch prevented mail to move smoothly through the transport queues of Exchange Server 2016 and Exchange Server 2019. Alongside Microsoft's Patch Tuesday round, other vendors, too, will publish security updates which can be accessed below. Adobe security updates SAP security updates VMWare security advisories Intel security updates More in the full article with hot links here: https://www.zdnet.com/article/microsoft-january-2022-patch-tuesday-six-zero-days-over-90-vulnerabilities-fixed/?ftag=TREc64629f&bhid={%24external_id}&mid={%24MESSAGE_ID}&cid={%24contact_id}&eh={%24CF_emailHash} My systems are, from slowest to fastest: A two core/2 thread Pentium G3440T Lenovo 21" touch AIO One Beelink micro mini PC with a two core/2thread Celeron N3350 An HP G3 with a 4 core/4 thread i5 4590T mini PC desktop Two Surface Go2 with 2 core 4 thread M3-8100 An i7 4770S 4 core/8 thread Dell 27" AIO touch desktop An i7-1065G7 4 core 8 threads Surface Pro 7 An i5-10210U 4 Core 8 Thread Dell 27" AIO touch desktop And an i5-1135G7 4 Core 8 thread Surface Pro 7 plus. Safe computing! Edited January 11, 2022 by RV_ Quote RV/Derekhttp://www.rvroadie.com Email on the bottom of my website page.Retired AF 1971-1998 When you see a worthy man, endeavor to emulate him. When you see an unworthy man, look inside yourself. - Confucius “Those who can make you believe absurdities, can make you commit atrocities.” ... Voltaire Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.