Wow! What a week. Things started slow, but by the time we got to Tuesday, things were really in full swing with Patch Tuesday. Microsoft issued the most significant number of CVE’s in the last eight months. Over 97 CVE’s were released, and that didn’t count all the other vendors that jumped in (as they usually do). By Wednesday, things started to go south quickly. Tons of IT admins discovered significant stability issues with some of the patches that Microsoft was releasing. Compounding the problem was one of the fixes that addressed a Wormable vulnerability. However, at this time, none of the vulnerabilities are being exploited. Today, the following KBs should be denied in your patching systems until fixes can be released.
Server 2012 – KB5009586
Server 2012R2 – KB5009624
Server 2019 – KB5009557
Server 2016 – KB5009546
Server 2022 – KB5009555
-Shawn Waldman – CEO – Secure Cyber Defense
Are you looking for a partner to proactively protect your environment? Check out our services page today or email us at sales AT secdef.com.
Below are all the links talked about in the January 14, 2022, YouTube Video Cyber Update:
Ivanti – Log4j Vulnerability Product Map – https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US
Apple Updates – https://support.apple.com/en-us/HT213043
Adobe Updates – https://www.cisa.gov/uscert/ncas/current-activity/2022/01/11/adobe-releases-security-updates-multiple-products (Reader, Illustrator, Bridge, InCopy, In Design)
Microsoft Updates – https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan
Reddit Thread on January Update Issues – https://www.reddit.com/r/sysadmin/comments/s1jcue/patch_tuesday_megathread_20220112/
Microsoft Pulls Patches – (BleepingComputer) – https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-new-windows-server-updates-due-to-critical-bugs/
CISA Known Vulnerabilities Catalog – https://www.cisa.gov/known-exploited-vulnerabilities-catalog