Security 10797 Published by

Microsoft has published Microsoft Security update revisions for January 14, 2022





************************************************************************************
Title: Microsoft Security Update Revisions
Issued: January 14, 2022
************************************************************************************

Summary
=======

The following CVEs have undergone revision increments.
======================================================================================

* CVE-2022-21840
* CVE-2022-21841
* CVE-2022-21880
* CVE-2022-21882
* CVE-2022-21893
* CVE-2022-21907
* CVE-2022-21913


 - CVE-2022-21840 | Microsoft Office Remote Code Execution Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21840
 - Version: 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software 
   should install the update for their product to be protected from this vulnerability.
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: January 11, 2022
 - Updated: January 13, 2022
 - Aggregate CVE Severity Rating: Critical

 - CVE-2022-21841 | Microsoft Excel Remote Code Execution Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21841
 - Version: 2.0
 - Reason for Revision: Microsoft is announcing the availability of the security 
   updates for Microsoft Office for Mac. Customers running affected Mac software 
   should install the update for their product to be protected from this vulnerability.
   Customers running other Microsoft Office software do not need to take any action. 
   See the Release Notes for more information and download links.
 - Originally posted: January 11, 2022
 - Updated: January 13, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-21880 | Windows GDI+ Information Disclosure Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21880
 - Version: 1.1
 - Reason for Revision: Updated FAQ information. This is an informational change
   only.
 - Originally posted: January 11, 2022
 - Updated: January 14, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-21882 | Win32k Elevation of Privilege Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21882
 - Version: 1.1
 - Reason for Revision: Corrected Active Attack entry to Yes. When this  
   information was originally released, Microsoft was aware of limited, 
   targeted attacks that attempt to exploit this vulnerability.
 - Originally posted: January 11, 2022
 - Updated: January 13, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-21893 | Remote Desktop Protocol Remote Code Execution Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21893
 - Version: 1.1
 - Reason for Revision: Updated one or more CVSS scores for the affected products.
   This is an informational change only.
 - Originally posted: January 11, 2022
 - Updated: January 13, 2022
 - Aggregate CVE Severity Rating: Important

 - CVE-2022-21907 | HTTP Protocol Stack Remote Code Execution Vulnerability
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907
 - Version: 1.1
 - Reason for Revision: Clarified the mitigation and added FAQs. This in an
   informational change only.
 - Originally posted: January 11, 2022
 - Updated: January 12, 2022
 - Aggregate CVE Severity Rating: Critical

 - CVE-2022-21913 | Local Security Authority (Domain Policy) Remote Protocol
   Security Feature Bypass
 - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21913
 - Version: 1.1
 - Reason for Revision: Added an FAQ. This is an information change only.
 - Originally posted: January 11, 2022
 - Updated: January 13, 2022
 - Aggregate CVE Severity Rating: Important


Other Information
=================

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing 
a Microsoft security update, it is a hoax that may contain 
malware or pointers to malicious websites. Microsoft does 
not distribute security updates via email. 

The Microsoft Security Response Center (MSRC) uses PGP to digitally 
sign all security notifications. However, PGP is not required for 
reading security notifications, reading security bulletins, or 
installing security updates. You can obtain the MSRC public PGP key
at <https://technet.microsoft.com/security/dn753714>.

********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************