Warning: Microsoft Patch Tuesday, December 2022 patches 48 vulnerabilities including two zero-day vulnerabilities, one exploited in the wild (7 critical, 40 important and 1 moderate)
Number of CVEs per type
- 23 Remote Code Execution Vulnerabilities
- 16 Elevation of Privilege Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 3 Information Disclosure Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 1 Spoofing Vulnerability
Sources
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
Risks
This month’s Patch Tuesday includes 6 critical and 40 important vulnerabilities for a wide range of Microsoft products, impacting Microsoft Server and Workstations.
In addition, Microsoft reports two zero-day vulnerabilities: CVE-2022-44698 (Windows SmartScreen Security Feature Bypass), which is exploited in the wild, and CVE-2022-44710 (DirectX Graphics Kernel Elevation of Privilege), which was publicly disclosed.
Description
CVE-2022-44698 - Windows SmartScreen security feature bypass vulnerability
This is a Mark of the Web (MoTW) vulnerability with a CVSS Base Score of 5.4 affecting Windows SmartScreen. Successful exploitation prevents SmartScreen from performing a reputation check on the downloaded file, so the user may not be alerted to a known malicious executable.
Threat actors are exploiting this 0-day vulnerability in the wild.
Threat actors can exploit this 0-day vulnerability using a website, email or messaging services as a delivery vector.
The threat actor can create a malicious stand-alone JavaScript file and sign the file with an illicit signature to circumvent security controls. When a potential victim visits the malicious website or opens a malicious attachment, this vulnerability circumvents the SmartScreen feature.
The vulnerability falls under the MITRE ATT&CK technique T1553 Subvert Trust Controls and has been observed in various malware distribution campaigns, including the QBot trojan and Magniber Ransomware.
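A review aid for the delivery pattern described above, added here as an example and not taken from Microsoft or the CCB: it lists stand-alone script files that carry an Internet-zone Mark of the Web, together with their Authenticode status, so they can be reviewed on systems that were exposed before patching. The function name `Get-MotwScriptFile`, the extension list, the scan scope and the sample file are assumptions made for the example.

```powershell
# Added example. Needs Windows PowerShell 3.0 or later and an NTFS volume.
function Get-MotwScriptFile {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [string[]] $Extension = @('.js', '.jse')   # assumption: script types to review
    )
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $Extension -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file = $_
            # The Mark of the Web lives in the Zone.Identifier alternate data stream.
            $mark = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
            $zone = $null; $hostUrl = $null
            foreach ($line in $mark) {
                if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$')  { $zone = [int]$Matches[1] }
                if ($line -match '^\s*HostUrl\s*=\s*(.+?)\s*$') { $hostUrl = $Matches[1] }
            }
            # ZoneId 3 = Internet, 4 = Restricted sites.
            if ($null -ne $zone -and $zone -ge 3) {
                [pscustomobject]@{
                    Path      = $file.FullName
                    ZoneId    = $zone
                    HostUrl   = $hostUrl
                    Signature = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
                    Modified  = $file.LastWriteTime
                }
            }
        }
}

# Constructed sample: a harmless file marked as if it had been downloaded.
$demo = Join-Path $env:TEMP 'motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$sample = Join-Path $demo 'invoice.js'
Set-Content -LiteralPath $sample -Value '// constructed sample, no payload'
Set-Content -LiteralPath $sample -Stream 'Zone.Identifier' -Value @(
    '[ZoneTransfer]', 'ZoneId=3', 'HostUrl=https://example.test/invoice.js')

Get-MotwScriptFile -Root $demo | Format-List
# Real use (assumed scope): Get-MotwScriptFile -Root 'C:\Users'
```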
CVE-2022-44690, CVE-2022-44693 - Microsoft SharePoint Server Remote Code Execution Vulnerability
Both of these Remote Code Execution vulnerabilities affect Microsoft SharePoint Server and received a CVSS Base Score of 8.8. An authenticated attacker with permission to use Manage Lists in SharePoint could exploit these vulnerabilities to achieve Remote Code Execution.
CVE-2022-41076 - PowerShell Remote Code Execution Vulnerability
This is a Remote Code Execution vulnerability with a CVSS Base Score of 8.5 affecting Windows PowerShell. An authenticated attacker without elevated privileges can exploit this vulnerability. Successful exploitation would allow the execution of arbitrary commands on a vulnerable system.
CVE-2022-41089 - .NET Framework remote code execution vulnerability
This is a Remote Code Execution vulnerability with a CVSS Base Score of 8.8 affecting the Microsoft .NET Framework. An attacker who can force user interaction can exploit this vulnerability to achieve Remote Code Execution.
Recommended actions
The CCB recommends installing updates for vulnerable devices with the highest priority, after thorough testing.