[Updated] Virtual Administrator’s January 2022 Patch Recommendations
Updated Patch Notes 1-21-2022
Update (1/21/2022): All January patches will be approved in patch policy
On 17th January 2022, Microsoft released emergency (or Out-of-band) security updates for resolving specific issues caused by the earlier January 11th Cumulative Updates/Monthly Rollups. These Out-of-band (OOB) updates supersede the Cumulative Updates that caused all the issues. The Monthly Rollups do not replace the earlier updates and are offered as “optional updates”. Provided both are installed together before reboot, the fixes in the OOB update will take precedence.
So far we have not seen or read of any new issues introduced by the OOB fixes.
January 17, 2022 Out-of-band Updates
Security and Quality Rollup
- KB5010798 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5010794 – Windows 8.1, Windows Server 2012 R2
- KB5010797 – Windows Server 2012
- KB5010799 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5010789 – Original release version 1507 (OS Build 10240)
- KB5010790 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5010791 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5010792 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5010793 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5010793 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5010793 – Version 21H2 “November 2021 Update” (OS Build 19044)
(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5010795 – Original release (OS Build 22000)
Windows Server
- KB5010790 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5010791 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5010796 – Server 2022 (OS Build 20348)
FYI: If you want to remove the Latest Cumulative Update (LCU)
To remove the LCU after installing the combined SSU and LCU package, use the DISM /Remove-Package command-line option (https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options) with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages
Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.
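The package-name lookup described above, as an added example (not from the original post or from Microsoft): it parses DISM /online /get-packages output, picks the newest installed LCU, and prints the matching /Remove-Package command. The sample output and the function names are constructed for illustration, and the script assumes LCUs are listed under the Package_for_RollupFix identity.

```powershell
# Added example. Constructed DISM output; package identities are illustrative only.
$sampleOutput = @'
Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1466.1.7
State : Superseded
Release Type : Security Update
Install Time : 1/12/2022 3:14 AM

Package Identity : Package_for_RollupFix~31bf3856ad364e35~amd64~~19041.1469.1.7
State : Installed
Release Type : Update
Install Time : 1/18/2022 2:41 AM

Package Identity : Package_for_ServicingStack_1371~31bf3856ad364e35~amd64~~19041.1371.1.0
State : Installed
Release Type : Update
Install Time : 1/12/2022 3:10 AM
'@

function Get-LcuPackage {
    # Pair each "Package Identity" line with the "State" line that follows it.
    param([string[]]$DismLines)
    $name = $null
    foreach ($line in $DismLines) {
        if ($line -match '^\s*Package Identity\s*:\s*(\S+)') {
            $name = $Matches[1]
        } elseif ($name -and $line -match '^\s*State\s*:\s*(.+?)\s*$') {
            $state = $Matches[1]
            # Assumption: LCUs are listed as Package_for_RollupFix. The SSU entry
            # is skipped because it cannot be removed after installation.
            if ($name -like 'Package_for_RollupFix~*' -and $state -eq 'Installed') {
                [pscustomobject]@{ Name = $name; State = $state }
            }
            $name = $null
        }
    }
}

function Get-LcuRemovalCommand {
    # Newest installed LCU first; the version is the last '~' field of the identity.
    param([string[]]$DismLines)
    Get-LcuPackage -DismLines $DismLines |
        Sort-Object { [version](($_.Name -split '~')[-1]) } -Descending |
        Select-Object -First 1 |
        ForEach-Object { "DISM /online /Remove-Package /PackageName:$($_.Name)" }
}

# Offline run on the sample. On a host, pass (DISM /online /get-packages) instead.
Get-LcuRemovalCommand -DismLines ($sampleOutput -split '\r?\n')
```

The script only prints the command; review the package name, then run the printed command from an elevated prompt.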
Original Patch Notes – 1-14-2022
This month Microsoft released patches for 97 vulnerabilities with 9 rated “Critical” and 88 “Important” in severity.
None of the January Cumulative Updates and Monthly Rollups have been approved. All other standalone and Office patches have been approved in our patch policy.
There are serious problems with all of the January Cumulative Updates and Monthly Rollups. For that reason we are delaying the approval of all of them. We are releasing other standalone patches, including the January Office updates. There is a known issue with the SharePoint patches. Details and a workaround are provided in the “Known Issues” section below. Also, the two Office patches that we denied last month, KB5002104 and KB5002099, will be approved. Microsoft released fixes KB2965317 and KB4484211, which can be installed manually – see details below under “Released KBs from December 2021”.
The “Known Issues” section below outlines the problems reported for the Cumulative Updates and Monthly Rollups. Microsoft has only recently acknowledged any of them and has no workarounds. These problems include Server reboot loops, Hyper-V not booting and VPN connections failing. We will monitor this situation and provide an update next Friday – January 21st.
FYI – Released KBs from December 2021
Last month Office patches KB5002104 and KB5002099 were denied. They could cause problems with multi-user access on network shares. Patches have been released to correct the problem. These patches must be downloaded and installed manually after KB5002104/KB5002099 has been installed.
KB5002104
Description of the security update for Office 2013: December 14, 2021 (KB5002104)
After this update is installed, Microsoft Access databases that are stored on a network share can’t be accessed by multiple users simultaneously. To resolve this issue, see the following Knowledge Base article:
December 29, 2021, update for Office 2013 (KB2965317)
KB5002099
Description of the security update for Office 2016: December 14, 2021 (KB5002099)
After this update is installed, Microsoft Access databases that are stored on a network share can’t be accessed by multiple users simultaneously. To resolve this issue, see the following Knowledge Base article:
4484211 Database on network share can’t be accessed by multiple users in Office 2016
Databases on network share can’t be accessed by multiple users in Office 2016 (KB4484211)
Disclosed: CVE-2022-21836, CVE-2022-21839, CVE-2022-21874, CVE-2022-21919, CVE-2021-22947, CVE-2021-36976
Exploited: None
Security Update Guide
https://portal.msrc.microsoft.com/en-us/security-guidance
Morphus Labs patch dashboard here: https://patchtuesdaydashboard.com
We will no longer be listing “affected software” in this post. Previously Microsoft listed affected “software”. This month the list includes “products, features and roles”, which makes the list too long. If you look at the month’s Release Notes on the Security Update Guide page you can view this list.
Microsoft Security Advisories – Update
ADV170021 | Microsoft Office Defense in Depth Update (Published:12/12/2017 | Last Updated:01/11/2022)
https://msrc.microsoft.com/update-guide/vulnerability/ADV170021
Reason for Revision: On 1/11/2022 Microsoft released an update for all supported versions of Excel that disables DDE Server Launch by default, protecting customers out of the box from attacks targeting DDE. DDE Server Launch can be enabled by setting the DisableDDEServerLaunch registry value to 0. Administrators can enable DDE Server Launch for Office 2016 and later by using the Group Policy template; administrators should be aware that users cannot disable DDE Server Launch if an administrator has enabled it via Group Policy. For more information see Microsoft Excel security enhancements in the January 2022 update.
Known Issues
VPN connections fail:
- KB5009566 – Windows 11
- KB5009543 – Windows 10
- KB5009555 – Windows Server 2022
- KB5009546 – Windows Server 2016
Symptom: After installing this update, IP Security (IPSEC) connections that contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.
Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings.
Note: Not all VPN servers have the option to disable Vendor ID from being used.
We are presently investigating and will provide an update in an upcoming release.
Hyper-V might not start:
- KB5009624/KB5009595 – Windows Server 2012 R2
Symptom: After installing this update on a device by using Unified Extensible Firmware Interface (UEFI), virtual machines (VMs) in Hyper-V might not start.
Workaround: We are presently investigating and will provide an update in an upcoming release.
Windows Server might restart unexpectedly:
- KB5009624/KB5009595 – Windows Server 2012 R2
- KB5009555 – Windows Server 2022
- KB5009546 – Windows Server 2016
Symptom: After installing this update on domain controllers (DCs), affected versions of Windows Server might restart unexpectedly.
Workaround: We are presently investigating and will provide an update in an upcoming release.
Note: On Windows Server 2016 and later, you are more likely to be affected when DCs use Shadow Principals in Enhanced Security Admin Environment (ESAE) or environments that use Privileged Identity Management (PIM).
SharePoint Foundation 2013/Enterprise Server 2016/Server 2019
(KB5002109, KB5002111, KB5002113, KB5002127)
Link for SharePoint Server 2019: January 11, 2022 (KB5002109)
Symptom: Most users cannot access Web.config files in Microsoft SharePoint Server. The affected group of users does not include farm administrators, local administrators, or members who are managed by the system.
Cause: For security, users other than those that are specified in the “Symptoms” section are restricted from accessing Web.config files.
Workaround: Users cannot access Web.config files in SharePoint Server (KB5010126)
Good resource for known issues with Windows 10 patches. Find the version and click on “Known issues”.
Windows release health
https://docs.microsoft.com/en-us/windows/release-health/
Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022 KBs
Links are https://support.microsoft.com/en-us/help/####### with the KB number only.
Security and Quality Rollup
- KB5009610 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5009624 – Windows 8.1, Windows Server 2012 R2
- KB5009586 – Windows Server 2012
- KB5009627 – Windows Server 2008 (ESU)
Security Only Update
- KB5009621 – Windows 7, Windows Server 2008 R2 (ESU)
- KB5009595 – Windows 8.1, Windows Server 2012 R2
- KB5009619 – Windows Server 2012
- KB5009601 – Windows Server 2008 (ESU)
Cumulative Updates
Windows 10
- KB5009585 – Original release version 1507 (OS Build 10240)
- KB5009546 – Version 1607 “Anniversary Update” (OS Build 14393)
- KB5009557 – Version 1809 “October 2018 Update” (OS Build 17763)
- KB5009545 – Version 1909 “November 2019 Update” (OS Build 18363)
- KB5009543 – Version 20H2 “October 2020 Update” (OS Build 19042)
- KB5009543 – Version 21H1 “May 2021 Update” (OS Build 19043)
- KB5009543 – Version 21H2 “November 2021 Update” (OS Build 19044)
(Versions 1511,1703,1709,1803,1903,2004 are no longer under support)
Windows 11
- KB5009566 – Original release (OS Build 22000)
Windows Server
- KB5009546 – Server 2016 (same KB as Windows 10 Version 1607)
- KB5009557 – Server 2019 (same KB as Windows 10 Version 1809)
- KB5009555 – Server 2022 (OS Build 20348)
January 2022 updates for Microsoft Office
Notable CVEs
CVE-2021-22947 | Open Source Curl Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-22947
CVE-2021-36976 | Libarchive Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36976
CVE-2022-21836 | Windows Certificate Spoofing Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21836
CVE-2022-21839 | Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (Win 10 Version 1809/ Server 2019 Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21839
CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability (Office various KBs)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840
CVE-2022-21846 | Microsoft Exchange Server Remote Code Execution Vulnerability (Exchange Server 2013/2016/2019 – KB5008631)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21846
CVE-2022-21849 | Windows IKE Extension Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21849
CVE-2022-21857 | Active Directory Domain Services Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21857
CVE-2022-21874 | Windows Security Center API Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21874
CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability (Cumulative Update)
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
CVE-2022-21919 | Windows User Profile Service Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21919