Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.

Overview

Microsoft’s latest ‘Patch Tuesday’ delivered almost 120 security updates for Windows and supported software. This includes updates for the suite of Microsoft Office products, Active Directory, Windows Defender and a number of other important Microsoft tools and utilities.

Security updates for Apple's iOS 15.2.1 and iPadOS 15.2.1 are also available.

Individuals and businesses should apply these security updates to protect against potential cyber threats.

If you receive a notification on your computer to install updates, please do so as soon as practicable. If a notification isn't displayed, you can manually check for updates by searching for 'updates' on your computer or device's search bar.

Detail

This month’s Microsoft ‘Patch Tuesday’ addresses several vulnerabilities classified as ‘critical’ and ‘important’, including a vulnerability defined as ‘wormable’ – this means no human interaction would be required to spread between connected vulnerable Windows devices.

Of note, the wormable vulnerability is a remote code execution (RCE) flaw which was identified in the HTTP Protocol stack (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21907). This flaw affects all the latest Windows Operating Systems.

Additionally, several vulnerabilities were patched for the Microsoft Exchange Server which is implemented in a considerable number of organisations worldwide.

More information about the January 2022 Microsoft Security updates can be found here: https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan

and here: https://msrc.microsoft.com/update-guide/en-us

Apple have released security updates for iOS 15.2.1 and iPadOS 15.2.1 this month. Visit https://support.apple.com/en-us/HT201222 for more information.

Recommended Action

  • Frequently monitor and review security updates for all of your systems and devices. Implement security patches as soon as practicable. Set your devices to update automatically wherever possible.
  • If using a Microsoft computer, it should display a notification to update but if it doesn't you can 'check for updates' in the search bar next to the start button. Your organisation may implement security updates automatically but you may be asked to restart your computer in order to complete the update(s).

  • It is good practise to back up your system and/or important files before installing any major updates.

  • Take a look at the ‘5 Steps to Cyber Security’ guidance on our Advice & Guidance page for more guidance on how to better protect your organisation.

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates