Tripwire's January 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Open Source Policy Kit, Adobe, and Microsoft.
First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability (CVE-2021-44228). This vulnerability made it on the December 2021 priority list, and it is back this month because it has been recently added to the Metasploit Exploit Framework. These systems should be patched as soon as possible.
Up next is a remote code execution in the Windows HTTP protocol stack. This vulnerability can be exploited over the network with no authentication required. Microsoft states that this vulnerability is wormable. Administrators should ensure this vulnerability is patched as soon as possible.
Next on the list is the so-called "PWNkit" vulnerability. This is a local privilege escalation vulnerability that potentially impacts any Linux operating system. The vulnerability exists in the PolicyKit (aka, polkit) pkexec application and allows a low privileged user to easily gain access to root with ease. Several proof-of-concepts are available on GitHub. The main requirements is that PolicyKit is installed on a target system and a malicious actor has the ability to login as a regular user. Many Linux distributions such as RedHat, Ubuntu, Amazon Linux, etc. have released patches to resolve this vulnerability.
Up next are patches for Microsoft Edge that resolve over 20 vulnerabilities such as user after free, type confusion, heap buffer overflow, and data validation vulnerabilities.
Following Edge, administrators should apply patches for Adobe Reader and Acrobat based on the APSB22-01 patch release. These patches resolve over 25 vulnerabilities and fix issues such as use after free, information exposure, stack-based buffer overflow, heap-based buffer overflow, and out of bounds write vulnerabilities.
Next are patches for Microsoft Office, Excel, and Word. These patches resolve 3 remote code execution vulnerabilities.
| BULLETIN | CVE |
|---|---|
| Exploit Framework - Metasploit | CVE-2021-44228 |
| Windows HTTP Protocol Stack | CVE-2022-21907 |
| PolicyKit (polkit) - Local Privilege Escalation | CVE-2021-4034 |
| Microsoft Edge (Chromium-based) | CVE-2022-0108, CVE-2022-0109, CVE-2022-0104, CVE-2022-0105, CVE-2022-0106, CVE-2022-0107, CVE-2022-0100, CVE-2022-0101, CVE-2022-0102, CVE-2022-0103, CVE-2022-0120, CVE-2022-0113, CVE-2022-0112, CVE-2022-0111, CVE-2022-0110, CVE-2022-0117, CVE-2022-0116, CVE-2022-0115, CVE-2022-0114, CVE-2022-0118, CVE-2022-0098, CVE-2022-0099, CVE-2022-0096, CVE-2022-0097 |
| APSB22-01 | CVE-2021-44701, CVE-2021-44702, CVE-2021-44703, CVE-2021-44704, CVE-2021-44705, CVE-2021-44706, CVE-2021-44707, CVE-2021-44708, CVE-2021-44709, CVE-2021-44710, CVE-2021-44711, CVE-2021-44712, CVE-2021-44713, CVE-2021-44714, CVE-2021-44715, CVE-2021-44739, CVE-2021-44740, CVE-2021-44741, CVE-2021-44742, CVE-2021-45060, CVE-2021-45061, CVE-2021-45062, CVE-2021-45063, CVE-2021-45064, CVE-2021-45067, CVE-2021-45068 |
| Microsoft Office Word | CVE-2022-21842 |
| Microsoft Office Excel | CVE-2022-21841 |
| Microsoft Office | CVE-2022-21840 |
| Microsoft Windows I | CVE-2022-21883, CVE-2022-21889, CVE-2022-21890, CVE-2022-21848, CVE-2022-21843, CVE-2022-21849, CVE-2021-22947, CVE-2022-21870, CVE-2022-21959, CVE-2022-21958, CVE-2022-21892, CVE-2022-21960, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963, CVE-2022-21928, CVE-2022-21924, CVE-2022-21862, CVE-2022-21835, CVE-2022-21908, CVE-2022-21897, CVE-2022-21916, CVE-2022-21877, CVE-2022-21894, CVE-2022-21918, CVE-2022-21898, CVE-2022-21912, CVE-2022-21884, CVE-2022-21836, CVE-2022-21834, CVE-2022-21868, CVE-2022-21903, CVE-2022-21904, CVE-2022-21880, CVE-2022-21915, CVE-2022-21839, CVE-2022-21872, CVE-2022-21838, CVE-2022-21881, CVE-2022-21879, CVE-2022-21896, CVE-2022-21902, CVE-2022-21852, CVE-2022-21895, CVE-2022-21919, CVE-2022-21869 |
| Microsoft Windows II | CVE-2022-21867, CVE-2022-21922, CVE-2022-21906, CVE-2022-21921, CVE-2022-21964, CVE-2022-21858, CVE-2022-21871, CVE-2022-21850, CVE-2022-21851, CVE-2022-21893, CVE-2022-21878, CVE-2022-21863, CVE-2022-21925, CVE-2022-21874, CVE-2021-36976, CVE-2022-21882, CVE-2022-21887, CVE-2022-21876, CVE-2022-21920, CVE-2022-21865, CVE-2022-21888, CVE-2022-21875, CVE-2022-21885, CVE-2022-21914, CVE-2022-21864, CVE-2022-21861, CVE-2022-21866, CVE-2022-21860, CVE-2022-21899, CVE-2022-21873, CVE-2022-21913, CVE-2022-21833, CVE-2022-21859, CVE-2022-21910 |
| .NET Framework | CVE-2022-21911 |
| Role: Windows Hyper-V | CVE-2022-21847, CVE-2022-21901, CVE-2022-21900, CVE-2022-21905 |
| Windows Active Directory | CVE-2022-21857 |
| Microsoft Exchange Server | CVE-2022-21969, CVE-2022-21855, CVE-2022-21846 |
| Microsoft Office SharePoint | CVE-2022-21837 |
| Microsoft Dynamics | CVE-2022-21932 |
Mastering Security Configuration Management
Master Security Configuration Management with Tripwire's guide on best practices. This resource explores SCM's role in modern cybersecurity, reducing the attack surface, and achieving compliance with regulations. Gain practical insights for using SCM effectively in various environments.
