Welcome to 2022! Unfortunately, no longer exploiting vulnerabilities was not any hacker's New Year's resolution. We are kicking off the new year with 96 exploits being closed. Nine of these are listed as critical, with six already publicly closed. This feels like a lot more critical vulnerabilities than we have seen previously, but hopefully this is a one-off and not an ongoing trend for 2022.
If we are desperate to find the positive side, at least none of these are actively being exploited right now. With the six already publicly known, this seems like an outlier, but it is an outlier that we can enjoy!
Some highlights (or lowlights)
CVE-2022-21907: This Remote Code Execution exploit is one of the two 9.8 vulnerabilities patched this month. It attacks the HTTP protocol stack and requires no privileges or user interaction to run. With a network attack vector on top of that, those are just about all the indicators you look for in a worm-able vulnerability. I think the only thing keeping it down a bit is that HTTP Trailer Support is not enabled by default. You will need to check the following registry key:
HKLM\System\CurrentControlSet\Services\HTTP\Parameters\
for this value:
"EnableTrailerSupport"=dword:00000001
This is a top priority patch, and you don’t want to keep this open for long.
CVE-2022-21849: The other 9.8 vulnerability may not be listed as critical, but it is just as important. It is a Remote Code Execution in Internet Key Exchange (IKE) version 2. This allows an attacker to run code unauthenticated and without user interaction. The reason it is only listed as important is that it requires the IPSec service to be running on the machine for it to be vulnerable.
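As an added example (not from the post or from PDQ), here is a PowerShell check for the two preconditions the post names: the EnableTrailerSupport registry value for CVE-2022-21907, and a running IPsec service for CVE-2022-21849. Mapping "the IPSec service" to the IKEEXT (IKE and AuthIP IPsec Keying Modules) and PolicyAgent (IPsec Policy Agent) services is my assumption, not something the post states.

```powershell
# Added example: report whether this host has the configuration the post calls
# out as the precondition for each bug. A missing registry value is the default
# (trailer support disabled). Service names IKEEXT/PolicyAgent are assumed here.

function Get-TrailerSupportExposure {
    $keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
    $valueName = 'EnableTrailerSupport'
    # SilentlyContinue: a missing key or value simply means "not enabled".
    $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    $enabled = ($null -ne $item) -and ($item.$valueName -eq 1)
    if ($null -eq $item) {
        $detail = "$valueName not present (default: trailer support disabled)"
    } else {
        $detail = "$valueName = $($item.$valueName)"
    }
    [pscustomobject]@{
        Check   = 'CVE-2022-21907 HTTP Trailer Support'
        Exposed = $enabled
        Detail  = $detail
    }
}

function Get-IpsecServiceExposure {
    # Assumed service names standing in for "the IPSec service" in the post.
    foreach ($name in 'IKEEXT', 'PolicyAgent') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            $detail = 'service not installed'
        } else {
            $detail = "status: $($svc.Status), start type: $($svc.StartType)"
        }
        [pscustomobject]@{
            Check   = "CVE-2022-21849 $name service"
            Exposed = ($null -ne $svc) -and ($svc.Status -eq 'Running')
            Detail  = $detail
        }
    }
}

# Run both checks; any row with Exposed = True is a host to patch first.
@(Get-TrailerSupportExposure) + @(Get-IpsecServiceExposure) | Format-Table -AutoSize
```

Exposed = False does not mean the host is patched, only that the post's stated precondition is absent; the update still needs to go out.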
CVE-2022-21857: This vulnerability allows elevation of privilege across an Active Directory trust boundary. This one is listed as critical, but it requires the attacker to have at least some permissions, which means the attacker would already need to be in your system, whether through a different exploit or an inside attack.
Wrapping up
Well, we’re starting the year off in a fun way. On top of the three vulnerabilities we listed here, Exchange also has a few RCE vulnerabilities. Coming on the heels of Y2K22, it has been a rough month for email.
With nine critical vulnerabilities, one worm-able, and six that are already known before the patch came out, this month has a lot of bad in it. It feels good to get this out of the way, so I look forward to 11 months of smooth sailing after this.
It’s times like these that being able to patch your systems quickly and effectively is critical. PDQ Deploy and PDQ Inventory can help you get this done ASAP. If you are feeling it, you can even have it automated, which gives you more time to appreciate how hilarious I am, and fewer ulcer concerns. It is an all-around win.