Wow! What a week. Things started slow, but by the time we got to Tuesday, things were really in full swing with Patch Tuesday. Microsoft issued the most significant number of CVE’s in the last eight months. Over 97 CVE’s were released, and that didn’t count all the other vendors that jumped in (as they usually do). By Wednesday, things started to go south quickly. Tons of IT admins discovered significant stability issues with some of the patches that Microsoft was releasing. Compounding the problem was one of the fixes that addressed a Wormable vulnerability. However, at this time, none of the vulnerabilities are being exploited. Today, the following KBs should be denied in your patching systems until fixes can be released.

Server 2012 – KB5009586

Server 2012R2 – KB5009624

Server 2019 – KB5009557

Server 2016 – KB5009546

Server 2022 – KB5009555

-Shawn Waldman – CEO – Secure Cyber Defense

Are you looking for a partner to proactively protect your environment? Check out our services page today or email us at sales AT secdef.com.

Below are all the links talked about in the January 14, 2022, YouTube Video Cyber Update

Ivanti – Log4j Vulnerability Product Map – https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US

Juniper Updates – https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES

Citrix Updates – https://support.citrix.com/article/CTX335432 (Hypervisor/XenServer) https://support.citrix.com/article/CTX338435

Apple Updates – https://support.apple.com/en-us/HT213043

Cisco Updates – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4

Adobe Updates – https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/adobe-releases-security-updates-multiple-products (Reader, Illustrator, Bridge, InCopy, In Design)

Microsoft Updates – https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan

Reddit Thread on January Update Issues – https://www.reddit.com/r/sysadmin/comments/s1jcue/patch_tuesday_megathread_20220112/

Microsoft Pulls Patches – (BleepingComputer) – https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-new-windows-server-updates-due-to-critical-bugs/

CISA Known Vulnerabilities Catalog – https://www.cisa.gov/known-exploited-vulnerabilities-catalog