Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days

Share on linkedin
Share on facebook
Share on twitter

Microsoft has addressed a total of 97 security vulnerabilities in its January 2022 Patch Tuesday update – nine of them rated critical – including six that are listed as publicly known zero-days.

The fixes cover a swath of the computing giant’s portfolio, including: Microsoft Windows and Windows Components, Microsoft Edge, Exchange Server, Microsoft Office and Office Components, SharePoint Server,.

Another interesting critical-rated RCE issue is CVE-2022-21840 in Microsoft Office, which, importantly, does not yet have a patch for Office 2019 for Mac and Microsoft Office LTSC for Mac 2021.

“Most Office-related RCE bugs are important-severity since they require user interaction and often have warning dialogs, too,” said Childs, noting that the Preview Pane is not the attack vector.

Microsoft also patched CVE-2022-21846 – a critical RCE bug in Microsoft Exchange Server reported by the National Security Agency, which is listed as “Exploitation more likely”.

“Attackers could use these remote code execution vulnerabilities to deploy and execute code on a target system. This can allow attackers to easily take full control of the system as well as create a base of operations within the network to spread to other systems. Common and widespread vulnerabilities like these are critical for attackers trying to steal corporate data or infiltrating sensitive systems. It is important for organizations to patch and remediate within the 72 hour window to minimize exposure.”

Stay on Top of Cyber Threats!

Subscribe to our monthly bulletin to stay updated on major cybersecurity risks.

Follow us on Socials:

Recent Cybersecurity News

483 accounts compromised in $34 million hack has confirmed that a multi-million dollar cyber attack led to the compromise...
Read The Article

CISA urges US orgs to prepare for data-wiping cyberattacks

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity...
Read The Article

Cybercriminals Actively Target VMware vSphere with Cryptominers

Organizations running sophisticated virtual networks with VMware's vSphere service are actively being targeted...
Read The Article

Contact a Specialist

Discover why 1,000+ organizations trust our expertise to improve their cybersecurity.

Stay Updated on Cyber Risks!

Subscribe to the Vumetric Monthly Bulletin to keep up with breaking news in the cybersecurity industry.