You can update Windows 10 now: the first Patch Tuesday of 2022 arrives with almost 100 fixes for critical and important bugs
Microsoft has released its first Patch Tuesday of this new year 2022 with fixes for six publicly disclosed zero-day or zero-day vulnerabilities, although none of them have been actively exploited in attacks.
The Redmond-based also fixes a total of 97 bugs in Windows, plus 29 vulnerabilities in its Microsoft Edge browser. Of the fixed bugs in its software, there were nine classified as critical and 88 as important.
The issues found that Microsoft fixed in this January Patch Tuesday were classified as follows:
- 41 Elevation of privilege vulnerabilities
- 9 Security feature evasion vulnerabilities
- 29 Remote code execution vulnerabilities
- 6 Information disclosure vulnerabilities
- 9 Denial of Service Vulnerabilities
- 3 Impersonation Vulnerabilities
What’s new for almost all of Windows 10
The update arrives for different versions of Windows 10 and is associated with the patch KB5009543. You can download it if you have Windows 10 May 2020 Update (2004), Windows 10 October 2020 Update (20H2), Windows 10 May 2021 Update (21H1), and Windows 10 November 2021 Update (21H2) on your computer.
In addition, Microsoft has also announced a revamped notification system for its Security Update Guide. It arrives with standard email addresses now accepted at registration instead of just Live IDs.
It’s worth recalling that earlier this month the company released an emergency fix for a bug affecting Exchange servers. Specifically, MS Exchange’s anti-spam and anti-malware engine (FIP-FS, enabled by default on installations of that platform since its 2013 version) suffered an error when processing the date from midnight on December 31, 2021, so millions of emails were stuck on the servers, without forwarding to their recipients.
What were the zero-day vulnerabilities
As for the zero-day vulnerabilities, although according to Microsoft none of them have been actively exploited in attacks, as they were made public, they could become exploited. They are:
- CVE-2021-22947 – Open source Curl remote code execution vulnerability.
- CVE-2021-36976 – Remote Code Execution Vulnerability in Libarchive
- CVE-2022-21919 – Elevation of Privilege Vulnerability in Windows User Profile Service
- CVE-2022-21836 – Windows certificate forgery vulnerability
- CVE-2022-21839 – Windows Discretionary Access Control List Denial of Service vulnerability
- CVE-2022-21874 – Remote code execution vulnerability in the Windows Security Center API
- Both the Curl and Libarchive vulnerabilities had already been fixed, but the fixes were added to Windows now with the patch.