Microsoft has released 52 new patches this month as part of its December 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which is being actively exploited.
Of the 52 released, six are rated critical, 43 are rated important and three are rated moderate in severity, according to Zero Day Initiative, which calls this month’s release a light month for Microsoft amid the holidays.
ZDI, the vulnerability disclosure initiative of cybersecurity company Trend Micro, says this release is the smallest monthly release this year while 2022 overall was Microsoft’s second busiest year ever with over 900 vulnerabilities fixed in total.
Although the exact count of patched vulnerabilities varies from one researcher's tally to another, researchers agree that two zero-day bugs were patched this month, one of which is being actively exploited. Beyond those, the ratings and severity scores point to a handful of bugs that IT admins and security professionals should prioritize.
CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability
According to ZDI, this bug is likely related to the Mark of the Web bug that Microsoft patched last month. A file could be created that evades the mark of the web (MOTW) detection and bypasses security features such as Protected View in Microsoft Office. Since many phishing attacks leverage attachments, these protections are important in preventing malware from being deployed onto a target system.
According to Satnam Narang, a senior staff research engineer at vulnerability management company Tenable, SmartScreen is a built-in Windows feature that works with its mark of the web functionality to flag files downloaded from the internet.
“Depending on how MOTW flags a file, SmartScreen will perform a reputation check,” Narang says. “This vulnerability can be exploited in multiple scenarios, including through malicious websites and malicious attachments delivered over email or messaging services.”
A potential victim would have to visit a malicious website or open the attachment in order to bypass SmartScreen, Narang adds. Since this is being exploited in the wild, admins should prioritize this patch.
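Because MOTW is what SmartScreen keys on, a defender's first check is whether the files users have downloaded actually carry the mark. The following PowerShell function is an added example, not code from the article or from Microsoft; it assumes an NTFS volume on Windows, where the mark is stored in the Zone.Identifier alternate data stream (ZoneId=3 is the Internet zone), and reports files in a folder that lack it.

```powershell
# Added example: inventory Mark of the Web (MOTW) status for downloaded files.
# Assumes Windows with NTFS; MOTW lives in the Zone.Identifier alternate data stream.
function Get-MotwStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        # Extensions that commonly arrive as phishing attachments (hypothetical default list)
        [string[]]$Include = @('*.docx','*.xlsx','*.pptx','*.zip','*.iso','*.lnk','*.js','*.vbs','*.ps1')
    )

    Get-ChildItem -Path $Path -File -Recurse -Include $Include -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Read the Zone.Identifier stream; absent stream means no MOTW on this file.
            $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            $zoneId = $null; $host = $null; $referrer = $null
            foreach ($line in @($zone)) {
                # Stream is INI-style: [ZoneTransfer] then key=value lines
                if ($line -match '^ZoneId=(\d+)$')   { $zoneId   = [int]$Matches[1] }
                if ($line -match '^HostUrl=(.+)$')   { $host     = $Matches[1] }
                if ($line -match '^ReferrerUrl=(.+)$') { $referrer = $Matches[1] }
            }
            [PSCustomObject]@{
                Path        = $file.FullName
                HasMotw     = ($null -ne $zoneId)
                ZoneId      = $zoneId
                HostUrl     = $host
                ReferrerUrl = $referrer
                LastWrite   = $file.LastWriteTime
            }
        }
}

# Usage: list downloaded files that SmartScreen would not evaluate because they carry no mark.
Get-MotwStatus -Path "$env:USERPROFILE\Downloads" |
    Where-Object { -not $_.HasMotw } |
    Format-Table Path, LastWrite -AutoSize
```

A file that arrived from the internet but shows `HasMotw = False` is worth a second look, since that is exactly the state a MOTW bypass leaves it in; note that files copied from FAT/exFAT media never carry the stream, so the result is a triage list, not proof of compromise.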
CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege
The second zero-day vulnerability patched this month, this important-rated bug was publicly disclosed before Microsoft issued its security updates. Microsoft gives it a CVSS score of 7.8, but it is considered a flaw that is less likely to be exploited, according to Narang, citing Microsoft’s Exploitability Index.
CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability
Highlighted by several researchers, this critical-rated bug could allow an unauthenticated attacker to escape the PowerShell Remoting Session Configuration and run unapproved commands on an affected system, according to ZDI. PowerShell is a legitimate tool commonly abused by threat actors to evade detection while moving through networks, so a bug that bypasses PowerShell restrictions should be prioritized.
Other bugs highlighted by ZDI and Tenable include CVE-2022-44690 and CVE-2022-44693, remote code execution bugs in Microsoft SharePoint Server; CVE-2022-44678 and CVE-2022-44681, elevation of privilege bugs in Windows Print Spooler; CVE-2022-44713, a spoofing bug in Microsoft Outlook for Mac; and more.
Visit Microsoft’s Security Update Guide for more information on these patches.