Microsoft has released patches in this month’s patch Tuesday for 97 different vulnerabilities. Nine of these vulnerabilities are rated as critical. None of the vulnerabilities were known to be exploited currently, but six of them were previously publicly disclosed. These include CVE-2022-21839, a denial-of-service vulnerability in the Windows event tracing discretionary access control list, an elevation of privilege flaw in Windows user profile service (CVE-2022-21919), and a Windows certificates spoofing vulnerability (CVE-2022-21836). The remaining three publicly disclosed flaws are remote code execution bugs in Windows Security Center API (CVE-2022-21874), libarchive (CVE-2021-36976) and open-source curl (CVE-2021-22947).
It is always recommended to update systems any time that a patch or update is released. If possible, turn on the auto-update feature for non-critical systems to ensure updates are installed as soon as possible. Updates for critical systems should be tested prior to installation to ensure there are no negative business impacts.