petri[.]com/patch-tuesday-january-2022-wormable-bug-in-windows-critical-bug-exchange
zdnet[.]com/article/microsoft-january-2022-patch-tuesday-six-zero-days-over-90-vulnerabilities-fixed/
Microsoft has released 96 security fixes including updates to address six zero-day vulnerabilities.None of the zero-day flaws above are known to have been exploited in the wild. A total of 24 vulnerabilities were patched earlier this month in Microsoft Edge (Chromium-based). According to the Zero Day Initiative (ZDI), this volume is unusual for the month of January, with previous years often being roughly half this number.
While there don't *seem* to be any bugs targeting consumers, System Admins get hit hard:
neowin[.]net/news/latest-patch-tuesday-update-is-causing-major-problems-for-windows-server-admins/
As noted by BornCity and Bleeping Computer, Windows Server admins are reporting instances of Windows restarting after every few minutes after installing KB5009624, KB5009595, and KB5009557. All versions of Windows Server are reportedly affected with admins observing that the boot loop is caused after the LSASS.exe process utilizes all CPU resources and then terminates. Since the aforementioned process is critical to operations, this results in an OS restart. Reports claim that Windows Server reboots with error codes 0xc0000005 and 0xc0000006.Another issue plaguing Windows Server installations is that Hyper-V no longer starts after installing the latest update. As such, virtual machines don't launch either. Although the majority of reports say that this affects only Windows Server 2012 R2, some have claimed that it affects newer versions too.
Yet another issue relates with the Windows Resilient File System (ReFS) volumes being no longer accessible or being shown as unformatted.
windowscentral[.]com/windows-update-introduces-vpn-issue-forcing-admins-pick-between-security-or-functionality
... while the updates helped alleviate Windows of numerous vulnerabilities, they've also had the unforeseen consequence of borking some PC users' VPN connections.Windows admins over on Reddit are reporting the issue affects SonicWall and WatchGuard connections, among others (via BleepingComputer). The message users get hit with when attempting connections reads "the L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."
It's worth noting this unintended side effect of Patch Tuesday isn't affecting all VPN users. Rather, it's seeming to hit those using Windows' built-in VPN client.