Microsoft fixes critical remote code execution vulnerability in Office and other 96 flaws in its January patch

At the beginning of 2021, Microsoft issued security updates for almost 100 vulnerabilities, among which 9 bugs considered critical stand out. System updates will fix all errors currently identified in Microsoft.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.

Among these flaws, CVE-2022-21839 stands out, a denial of service (DoS) issue in the Windows event-tracking discretionary access control list; in addition to a privilege escalation flaw in the Windows User Profile service identified as CVE-2022-21919; and a Windows certificate forgery vulnerability with CVSS key CVE-2022-21836. These flaws have medium scores according to the Common Vulnerability Scoring System (CVSS).

Three more bugs were also publicly disclosed, including a remote code execution (RCE) bug in the Windows Security Center API (CVE-2022-21874), libarchive (CVE-2021-36976), and open source curl (CVE-2021-22947).

Microsoft fixes critical remote code execution vulnerability in Office and other 96 flaws in its January patch

In addition to these flaws, Microsoft addressed CVE-2022-21840, a critical bug whose exploitation requires a user to open a specially crafted file. In an attack scenario, a threat actor could exploit the vulnerability by sending the specially crafted file to the user, thereby releasing the malicious payload.

This flaw received a CVSS score of 7.7/10.

Cybersecurity specialists mention that this is the largest security update issued by Microsoft since at least July 2021. The company recommends affected users to apply these security patches as soon as possible. In addition to software updates, Microsoft recommends users apply some additional security measures, as exploiting these flaws does not pose a challenge to threat actors.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Microsoft fixes critical remote code execution vulnerability in Office and other 96 flaws in its January patch appeared first on Cyber Security News | Exploit One | Hacking News.

By admin