
Today’s VERT Alert addresses Microsoft’s January 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-981 on Wednesday, January 12th.

In-The-Wild & Disclosed CVEs

CVE-2022-21919

This vulnerability is a bypass of CVE-2021-34484, reported by the same researcher, Abdelhamid Naceri. The researcher first tweeted about the bypass on October 22 and shared a blog post with details and links to a proof of concept. According to Naceri, the initial fix only removed CDirectoryRemove in response to the original proof of concept; it did not resolve the underlying issue, which today’s update fixes.

Microsoft has rated this as Exploitation More Likely on the latest software release on the Exploitability Index.

CVE-2021-36976

This vulnerability describes an issue in the libarchive library, which is used by Windows. The vulnerability was found by OSS-Fuzz in March 2021 and disclosed in June 2021. The libarchive library was updated in August 2021, and Microsoft is now issuing an update in January 2022. Details of the issue reported by OSS-Fuzz can be found here.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2022-21836

This vulnerability was first disclosed in a blog post from Eclypsium on September 23, 2021. Expired and revoked certificates could be used to bypass binary verification in the Windows Platform Binary Table (WPBT). According to Microsoft, “The primary purpose of WPBT is to allow critical software to persist even when the operating system has changed or been reinstalled in a ‘clean’ configuration.” This patch and advisory do two things. First, the patch adds the compromised signing certificates to the Windows kernel driver block list (driver.stl) so that binaries signed with them are blocked. Second, the advisory recommends that people set up Windows Defender Application Control (WDAC) to restrict which binaries can be executed on a system.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2022-21839

This vulnerability describes a local denial of service in Windows Event Tracing Discretionary Access Control Lists (DACLs). A DACL is the Access Control List that identifies who can access a Windows object. If the object does not have a DACL at all, the system allows everyone access to it.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
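To make the DACL point above concrete, here is an added example (not code from the original alert) that classifies the DACL of a security descriptor given in SDDL form, the string you get from `(Get-Acl $path).Sddl` in PowerShell. It distinguishes a descriptor with no `D:` section (a null DACL, which grants everyone access) from one with an empty `D:` section (no one is granted anything), and reports what the Everyone group (`WD`, SID `S-1-1-0`) is allowed. The SDDL strings are constructed, and the choice of which object-specific low bits count as "write-like" is an assumption tuned for file and registry objects.

```python
"""Added example: classify the DACL of a Windows security descriptor in SDDL
form and report what the Everyone group is granted.  Not from the original
alert; sample SDDL strings below are constructed."""

import re

ACE_RE = re.compile(r"\(([^)]*)\)")
EVERYONE_SIDS = {"WD", "S-1-1-0"}  # SDDL alias and raw SID for Everyone

# Generic and standard rights are object-independent.
GENERIC_ALL, GENERIC_WRITE, GENERIC_EXECUTE, GENERIC_READ = 0x10000000, 0x40000000, 0x20000000, 0x80000000
DELETE, READ_CONTROL, WRITE_DAC, WRITE_OWNER = 0x00010000, 0x00020000, 0x00040000, 0x00080000
# Assumption for this example: bits 0x2/0x4 are treated as object-specific write
# bits (FILE_WRITE_DATA/KEY_SET_VALUE, FILE_APPEND_DATA/KEY_CREATE_SUB_KEY).
OBJECT_WRITE_BITS = 0x0002 | 0x0004
WRITE_LIKE_MASK = GENERIC_ALL | GENERIC_WRITE | DELETE | WRITE_DAC | WRITE_OWNER | OBJECT_WRITE_BITS

# Two-letter SDDL rights codes and the access masks they expand to.
CODE_MASK = {
    "GA": GENERIC_ALL, "GW": GENERIC_WRITE, "GX": GENERIC_EXECUTE, "GR": GENERIC_READ,
    "SD": DELETE, "RC": READ_CONTROL, "WD": WRITE_DAC, "WO": WRITE_OWNER,
    "FA": 0x1F01FF, "FW": 0x120116, "FR": 0x120089, "FX": 0x1200A0,   # file rights
    "KA": 0xF003F, "KW": 0x20006, "KR": 0x20019, "KX": 0x20019,       # registry rights
}


def dacl_section(sddl: str):
    """Return the text after 'D:' up to the SACL ('S:'), or None when the
    descriptor has no DACL at all (a null DACL)."""
    m = re.search(r"D:(.*?)(?=S:|$)", sddl)
    return None if m is None else m.group(1)


def rights_mask(rights: str) -> int:
    """Convert an ACE rights field (hex mask or concatenated two-letter codes)
    into an access mask."""
    if rights.lower().startswith("0x"):
        return int(rights, 16)
    mask = 0
    for i in range(0, len(rights), 2):
        code = rights[i:i + 2]
        if code not in CODE_MASK:
            raise ValueError(f"unsupported rights code {code!r}")
        mask |= CODE_MASK[code]
    return mask


def assess_dacl(sddl: str) -> dict:
    """Summarise the DACL from Everyone's point of view.

    dacl: 'null' (no D: section), 'empty' (D: with no ACEs) or 'present'
    everyone_allowed / everyone_denied: access masks from A/D ACEs for Everyone
    everyone_can_modify: True when Everyone keeps a write-like right after
                         subtracting deny ACEs
    """
    section = dacl_section(sddl)
    if section is None:
        # No DACL: the system grants everyone access, as if Everyone had GENERIC_ALL.
        return {"dacl": "null", "everyone_allowed": GENERIC_ALL,
                "everyone_denied": 0, "everyone_can_modify": True}
    aces = ACE_RE.findall(section)
    if not aces:
        # Empty DACL is the opposite case: nobody is granted anything.
        return {"dacl": "empty", "everyone_allowed": 0,
                "everyone_denied": 0, "everyone_can_modify": False}
    allowed = denied = 0
    for ace in aces:
        fields = ace.split(";")
        if len(fields) < 6:
            continue
        ace_type, rights, sid = fields[0], fields[2], fields[5]
        if sid not in EVERYONE_SIDS:
            continue
        if ace_type == "A":          # access-allowed ACE
            allowed |= rights_mask(rights)
        elif ace_type == "D":        # access-denied ACE (object/audit ACEs skipped)
            denied |= rights_mask(rights)
    effective = allowed & ~denied
    return {"dacl": "present", "everyone_allowed": allowed,
            "everyone_denied": denied,
            "everyone_can_modify": bool(effective & WRITE_LIKE_MASK)}


if __name__ == "__main__":
    # Constructed descriptors covering the null, empty and explicit cases.
    for sample in ("O:BAG:SY", "O:BAG:SYD:", "O:BAG:SYD:(A;;GA;;;WD)",
                   "O:BAG:SYD:(A;;GR;;;WD)(A;;GA;;;BA)(A;;GA;;;SY)",
                   "O:BAG:SYD:(A;;0x40000;;;S-1-1-0)"):
        print(f"{sample:50} -> {assess_dacl(sample)}")
```

Feed it the `.Sddl` of the objects you care about and review anything that comes back `null` or with `everyone_can_modify` set; a descriptor with no DACL is the case the paragraph above describes, and is not the same as one whose DACL is merely empty.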

CVE-2022-21874

A code execution vulnerability exists within the Windows Security Center API. The local vulnerability requires user interaction but could allow for a full compromise of confidentiality, integrity, and availability.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.

CVE-2021-22947

CVE-2021-22947 is a vulnerability in curl that was introduced in 2009 and fixed in September 2021. The fix was released in curl 7.79.0 on September 15, 2021, and a security advisory was published. Windows uses the curl library, and Microsoft has patched it as part of the January 2022 patch drop. The vulnerability itself is a man-in-the-middle issue in which traffic not protected by TLS can be injected into the communication between client and server and is then processed by curl as if it came from the TLS-protected connection.

Microsoft has rated this as Exploitation Less Likely on the latest software release on the Exploitability Index.
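The following is an added example, not curl's code, that models the flaw class described above and the check that closes it: a STARTTLS client reads the server's acknowledgement from the cleartext stream, then continues reading from the same buffer after the upgrade. Any bytes that were already buffered behind the acknowledgement were received in the clear, yet the vulnerable path attributes them to the TLS phase; the fixed path refuses the upgrade when such leftover bytes exist. The "sockets" are in-memory byte streams, the SMTP-style replies are constructed, and the `reject_leftover` flag is this example's own switch between the two behaviours.

```python
"""Added example (not curl's code): a minimal STARTTLS client showing why
cleartext bytes buffered behind the STARTTLS reply must not survive the
upgrade, and the check that rejects them.  Runs entirely offline on
constructed byte streams."""

from dataclasses import dataclass, field


class ByteStream:
    """Simulated socket: recv() hands back whatever has arrived so far, in
    arbitrary chunk sizes, as a real TCP read would."""

    def __init__(self, wire: bytes, chunk: int = 4096):
        self.wire = wire
        self.chunk = chunk

    def recv(self) -> bytes:
        data, self.wire = self.wire[:self.chunk], self.wire[self.chunk:]
        return data


@dataclass
class UpgradeResult:
    upgraded: bool
    reason: str = ""
    # Reply lines the client attributes to the TLS-protected phase.
    responses: list = field(default_factory=list)


def starttls_client(plain_wire: bytes, tls_wire: bytes, *, reject_leftover: bool) -> UpgradeResult:
    """Wait for the '220' STARTTLS acknowledgement on the cleartext stream,
    switch to the TLS stream, and return what the client reads afterwards.

    plain_wire: bytes visible before the upgrade (constructed)
    tls_wire:   bytes the genuine server sends inside TLS (constructed)
    reject_leftover: fixed behaviour - refuse the upgrade when unread
                cleartext bytes are still buffered after the 220 line
    """
    sock = ByteStream(plain_wire)
    buf = b""
    while b"\r\n" not in buf:  # read until one complete reply line is present
        data = sock.recv()
        if not data:
            return UpgradeResult(False, "EOF before STARTTLS reply")
        buf += data
    reply, _, leftover = buf.partition(b"\r\n")
    if not reply.startswith(b"220"):
        return UpgradeResult(False, "server declined STARTTLS")

    if reject_leftover and leftover:
        # Anything already buffered past the 220 line arrived in the clear, so
        # it cannot be trusted as part of the TLS session: abort instead.
        return UpgradeResult(False, "unexpected data after STARTTLS reply; refusing to upgrade")

    # Switch transports.  The flaw: the cleartext leftover stays in the same
    # receive buffer and is read back as though it had arrived over TLS.
    tls = ByteStream(tls_wire)
    buf = leftover + tls.recv()
    lines = [line.decode() for line in buf.split(b"\r\n") if line]
    return UpgradeResult(True, "", lines)


# Constructed exchange: the 220 acknowledgement followed, still in the clear,
# by an extra reply line, then the genuine first line sent inside TLS.
PLAIN_WIRE = b"220 Ready to start TLS\r\n250 cleartext line\r\n"
TLS_WIRE = b"250 mail.example.test Hello\r\n"

if __name__ == "__main__":
    print("vulnerable:", starttls_client(PLAIN_WIRE, TLS_WIRE, reject_leftover=False))
    print("fixed:     ", starttls_client(PLAIN_WIRE, TLS_WIRE, reject_leftover=True))
```

The vulnerable run reports two responses as TLS-protected, one of which never crossed the TLS session; the fixed run refuses to upgrade at all, which is the safe outcome because a well-behaved server has nothing to send between its 220 reply and the handshake.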

CVE Breakdown by Tag

While the historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. The table below provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.

  • Traditional Software
  • Mobile Software
  • Cloud or Cloud Adjacent
  • Vulnerabilities that are being exploited or that have been disclosed will be bold
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Windows IKE Extension | 6 | CVE-2022-21843, CVE-2022-21883, CVE-2022-21848, CVE-2022-21849, CVE-2022-21889, CVE-2022-21890 |
| Windows HTTP Protocol Stack | 1 | CVE-2022-21907 |
| Windows Storage | 1 | CVE-2022-21875 |
| Open Source Software | 1 | **CVE-2021-22947** |
| Tablet Windows User Interface | 1 | CVE-2022-21870 |
| Windows Clipboard User Service | 1 | CVE-2022-21869 |
| Windows Workstation Service Remote Protocol | 1 | CVE-2022-21924 |
| Windows Application Model | 1 | CVE-2022-21862 |
| Windows Cryptographic Services | 1 | CVE-2022-21835 |
| Windows Installer | 1 | CVE-2022-21908 |
| Microsoft Dynamics | 2 | CVE-2022-21932, CVE-2022-21891 |
| Windows Storage Spaces Controller | 1 | CVE-2022-21877 |
| Windows Secure Boot | 1 | CVE-2022-21894 |
| Windows DirectX | 3 | CVE-2022-21918, CVE-2022-21912, CVE-2022-21898 |
| Windows Kerberos | 1 | CVE-2022-21920 |
| Windows Local Security Authority Subsystem Service | 1 | CVE-2022-21884 |
| Microsoft Office SharePoint | 1 | CVE-2022-21837 |
| Microsoft Windows Codecs Library | 1 | CVE-2022-21917 |
| Windows User-mode Driver Framework | 1 | CVE-2022-21834 |
| Windows Task Flow Data Engine | 1 | CVE-2022-21861 |
| Microsoft Office Excel | 1 | CVE-2022-21841 |
| Microsoft Graphics Component | 4 | CVE-2022-21915, CVE-2022-21880, CVE-2022-21903, CVE-2022-21904 |
| Windows Event Tracing | 2 | **CVE-2022-21839**, CVE-2022-21872 |
| Windows Cleanup Manager | 1 | CVE-2022-21838 |
| Windows Kernel | 2 | CVE-2022-21879, CVE-2022-21881 |
| Windows DWM Core Library | 3 | CVE-2022-21852, CVE-2022-21902, CVE-2022-21896 |
| Windows User Profile Service | 2 | **CVE-2022-21919**, CVE-2022-21895 |
| Microsoft Office Word | 1 | CVE-2022-21842 |
| Windows Remote Access Connection Manager | 2 | CVE-2022-21885, CVE-2022-21914 |
| Windows Push Notifications | 1 | CVE-2022-21867 |
| Microsoft Office | 1 | CVE-2022-21840 |
| Windows Remote Procedure Call Runtime | 1 | CVE-2022-21922 |
| Windows Defender | 2 | CVE-2022-21906, CVE-2022-21921 |
| Windows Remote Desktop | 1 | CVE-2022-21964 |
| Windows Bind Filter Driver | 1 | CVE-2022-21858 |
| Windows Active Directory | 1 | CVE-2022-21857 |
| Windows Certificates | 1 | **CVE-2022-21836** |
| Microsoft Exchange Server | 3 | CVE-2022-21846, CVE-2022-21855, CVE-2022-21969 |
| Windows RDP | 3 | CVE-2022-21893, CVE-2022-21850, CVE-2022-21851 |
| Windows Geolocation Service | 1 | CVE-2022-21878 |
| .NET Framework | 1 | CVE-2022-21911 |
| Windows StateRepository API | 1 | CVE-2022-21863 |
| Windows Common Log File System Driver | 2 | CVE-2022-21916, CVE-2022-21897 |
| Windows BackupKey Remote Protocol | 1 | CVE-2022-21925 |
| Windows System Launcher | 1 | CVE-2022-21866 |
| Windows Libarchive | 1 | **CVE-2021-36976** |
| Windows Win32K | 3 | CVE-2022-21876, CVE-2022-21882, CVE-2022-21887 |
| Windows Resilient File System (ReFS) | 8 | CVE-2022-21892, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963, CVE-2022-21928 |
| Windows Connected Devices Platform Service | 1 | CVE-2022-21865 |
| Windows Modern Execution Server | 1 | CVE-2022-21888 |
| Windows Local Security Authority | 1 | CVE-2022-21913 |
| Role: Windows Hyper-V | 4 | CVE-2022-21900, CVE-2022-21901, CVE-2022-21905, CVE-2022-21847 |
| Windows Diagnostic Hub | 1 | CVE-2022-21871 |
| Windows Devices Human Interface | 1 | CVE-2022-21868 |
| Microsoft Edge (Chromium-based) | 29 | CVE-2022-21929, CVE-2022-21930, CVE-2022-21931, CVE-2022-21954, CVE-2022-21970, CVE-2022-0096, CVE-2022-0097, CVE-2022-0098, CVE-2022-0099, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0104, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0108, CVE-2022-0109, CVE-2022-0110, CVE-2022-0111, CVE-2022-0112, CVE-2022-0113, CVE-2022-0114, CVE-2022-0115, CVE-2022-0116, CVE-2022-0117, CVE-2022-0118, CVE-2022-0120 |
| Windows UI Immersive Server | 1 | CVE-2022-21864 |
| Windows AppContracts API Server | 1 | CVE-2022-21860 |
| Windows UEFI | 1 | CVE-2022-21899 |
| Windows Tile Data Repository | 1 | CVE-2022-21873 |
| Windows Cluster Port Driver | 1 | CVE-2022-21910 |
| Windows Virtual Machine IDE Drive | 1 | CVE-2022-21833 |
| Windows Account Control | 1 | CVE-2022-21859 |
| Windows Security Center | 1 | **CVE-2022-21874** |

Other Information

There were no new advisories included with the January Security Guidance.