Microsoft Patch Tuesday
Microsoft starts 2022 with an extensive Patch Tuesday, which includes fixes for 126 CVEs. Nine of these vulnerabilities are classified as critical, including one in the widely used Exchange Server, which was reported by the National Security Agency (NSA). Although none of these vulnerabilities are known to be exploitable, the risk is high due to the severity. For example, CVE-2022-21907, with a CVSS rating of 9.8/10, is wormable when exploited and affects Windows servers configured as web servers.
“This Patch Tuesday comes at a challenging time in the security industry,” says Bharat Jogi, Director, Vulnerability and Threat Research at Qualys. “The technical staff is working overtime to fix Log4Shell – reportedly the worst security vulnerability in decades. Unpredictable events such as Log4Shell are a significant stress for security professionals dealing with such outbreaks. They make it clear how important an automated inventory of all components used in the environment of a company is.”
It is currently particularly advisable to automate the provision of patches for events with defined schedules – such as Patch Tuesday. “This allows security experts to use their energy to respond efficiently to such unpredictable events that pose a high risk to the security of an enterprise,” concludes Jogi.