With its latest Patch Tuesday, Microsoft is delivering numerous fixes and improvements to its users with two big updates, one aimed at Windows 10, the other at Windows 11.
As tradition dictates, Microsoft released its Patch Tuesday on January 11, incidentally the first of the year, correcting no fewer than 97 CVEs, a handful of which can be considered “critical”. Cumulative update KB5009543 is available for versions 20H2, 21H1 and 21H2 of Windows 10, while KB5009566 can be downloaded by users of Windows 11. Note that users of Microsoft version 2004, which no longer receives security updates, are advised to move to a newer version.
Improvements and fixes for Active Directory and IME
Among the improvements and fixes listed by Microsoft, the issue that prevented Active Directory attributes from being written correctly during an LDAP (Lightweight Directory Access Protocol) modify operation has been resolved. Remember that Active Directory is the famous Microsoft directory that stores information (passwords, names, phone numbers) on objects on the network, making this data available to network users and administrators.
The same goes for the issue that affected Japanese input method editors (IMEs). When using an IME to enter text, the text could appear out of order. The cursor could also move unexpectedly in applications using the multi-byte character set (MBCS). This same problem has also been solved on Windows 11. An IME is a software component that allows you to enter text in a language that cannot be represented easily on an AZERTY-type keyboard.
Several Microsoft Exchange Server vulnerabilities fixed
Of the 97 vulnerabilities patched, some get more attention than others. This is the case of the remote code execution vulnerability in the HTTP protocol stack, tracked as CVE-2022-21907 and discovered by Russian researcher Mikhail Medvedev. Microsoft says of this flaw, which affects Windows Server 2019, that an unauthenticated attacker “could send a specially crafted packet to a targeted server using the HTTP protocol stack (http.sys) to process the packets”. Although the functionality that contains the vulnerability is not active by default, the affected servers should be patched first.
“Microsoft warns that this vulnerability is ‘wormable’, which means that no human interaction would be required for an attack to spread from system to system. As such, organizations using the HTTP protocol stack should prioritize fixing this vulnerability as soon as possible,” says Satnam Narang, research engineer at Tenable.
He adds that Microsoft has fixed three remote code execution vulnerabilities in Microsoft Exchange Server, tracked as CVE-2022-21846, CVE-2022-21969 and CVE-2022-21855. The first was discovered by the NSA (the National Security Agency). Fortunately, because the attack vector is adjacent, the flaw is less critical than the ProxyLogon and ProxyShell vulnerabilities: here it cannot be exploited remotely and requires a specific element related to the target, such as being on the same physical network (Bluetooth, Wi-Fi).
💡 By the way, that's all well and good, but how do you install these updates? Here is our solution, it couldn't be simpler:
- On your keyboard, press the Windows key + I shortcut. From there, navigate to the “Update & Security” panel, and let yourself be guided through Windows Update.
Sources: Windows 10 update KB5009543, Windows 11 update KB5009566