Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws.
Six of the 49 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.
The number of bugs in each vulnerability category is listed below:
- 19 Elevation of Privilege Vulnerabilities
- 2 Security Feature Bypass Vulnerabilities
- 23 Remote Code Execution Vulnerabilities
- 3 Information Disclosure Vulnerabilities
- 3 Denial of Service Vulnerabilities
- 1 Spoofing Vulnerability
The above counts do not include twenty-five Microsoft Edge vulnerabilities previously fixed on December 5th.
For information about the non-security Windows updates, you can read today's articles on the Windows 10 KB5021233 and KB5021237 updates and the Windows 11 KB5021255 and KB5021234 updates.
Two zero-days fixed
This month's Patch Tuesday fixes two zero-day vulnerabilities, one actively exploited and the other publicly disclosed.
Microsoft classifies a vulnerability as a zero-day if it is publicly disclosed or actively exploited with no official fix available.
The actively exploited and publicly disclosed zero-day vulnerability fixed in today's updates are:
CVE-2022-44698 - Windows SmartScreen Security Feature Bypass Vulnerability discovered by Will Dormann.
"An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging."
Threat actors exploited this vulnerability by creating malicious stand-alone JavaScript files that were signed using a malformed signature.
Source: BleepingComputer
When signed in this manner, it would cause SmartCheck to error out and not display a Mark of the Web security warnings, allowing the malicious scripts to run and install the malware automatically.
Threat actors actively exploited this flaw in numerous malware distribution campaigns, including ones spreading the QBot trojan and Magniber Ransomware.
The other publicly disclosed vulnerability is:
CVE-2022-44710 - DirectX Graphics Kernel Elevation of Privilege Vulnerability discovered by Luka Pribanić.
"Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges."
Recent updates from other companies
Other vendors who released updates in December 2022 include:
- Cisco released security updates for Cisco IP Phone 7800 and 8800 phones.
- Citrix released security updates for a 'Critical' and actively exploited RCE flaw in Citrix ADA and Gateway.
- Fortinet released security updates for an actively exploits SSL-VPN vulnerability in FortiOS.
- Google released Android's December security updates.
- SAP has released its December 2022 Patch Day updates.
The December 2022 Patch Tuesday Security Updates
Below is the complete list of resolved vulnerabilities and released advisories in the December 2022 Patch Tuesday updates. To access the full description of each vulnerability and the systems that it affects, you can view the full report here.
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| .NET Framework | CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability | Important |
| Azure | CVE-2022-44699 | Azure Network Watcher Agent Security Feature Bypass Vulnerability | Important |
| Client Server Run-time Subsystem (CSRSS) | CVE-2022-44673 | Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-44675 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important |
| Microsoft Bluetooth Driver | CVE-2022-44674 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important |
| Microsoft Dynamics | CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical |
| Microsoft Edge (Chromium-based) | CVE-2022-4192 | Chromium: CVE-2022-4192 Use after free in Live Caption | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4193 | Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4190 | Chromium: CVE-2022-4190 Insufficient data validation in Directory | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4191 | Chromium: CVE-2022-4191 Use after free in Sign-In | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4194 | Chromium: CVE-2022-4194 Use after free in Accessibility | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-41115 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-44688 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2022-4195 | Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2022-4181 | Chromium: CVE-2022-4181 Use after free in Forms | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4180 | Chromium: CVE-2022-4180 Use after free in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4174 | Chromium: CVE-2022-4174 Type Confusion in V8 | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4182 | Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4179 | Chromium: CVE-2022-4179 Use after free in Audio | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4178 | Chromium: CVE-2022-4178 Use after free in Mojo | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4175 | Chromium: CVE-2022-4175 Use after free in Camera Capture | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4177 | Chromium: CVE-2022-4177 Use after free in Extensions | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4187 | Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4185 | Chromium: CVE-2022-4185 Inappropriate implementation in Navigation | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4188 | Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4189 | Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4186 | Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4183 | Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker | Unknown |
| Microsoft Edge (Chromium-based) | CVE-2022-4184 | Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill | Unknown |
| Microsoft Graphics Component | CVE-2022-26805 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26804 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47213 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44697 | Windows Graphics Component Elevation of Privilege Vulnerability | Moderate |
| Microsoft Graphics Component | CVE-2022-41121 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44671 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47212 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-26806 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-47211 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-41074 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44679 | Windows Graphics Component Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2022-44680 | Windows Graphics Component Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2022-44692 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important |
| Microsoft Office OneNote | CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-24480 | Outlook for Android Elevation of Privilege Vulnerability | Important |
| Microsoft Office Outlook | CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office Visio | CVE-2022-44696 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-44695 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Office Visio | CVE-2022-44694 | Microsoft Office Visio Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44668 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44667 | Windows Media Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2022-44687 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-41094 | Windows Hyper-V Elevation of Privilege Vulnerability | Important |
| Role: Windows Hyper-V | CVE-2022-44682 | Windows Hyper-V Denial of Service Vulnerability | Important |
| SysInternals | CVE-2022-44704 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important |
| Windows Certificates | ADV220005 | Guidance on Microsoft Signed Drivers Being Used Maliciously | None |
| Windows Contacts | CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability | Important |
| Windows DirectX | CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important |
| Windows Error Reporting | CVE-2022-44669 | Windows Error Reporting Elevation of Privilege Vulnerability | Important |
| Windows Fax Compose Form | CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability | Important |
| Windows HTTP Print Provider | CVE-2022-44678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2022-44707 | Windows Kernel Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2022-44683 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows PowerShell | CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2022-44681 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2022-44677 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44670 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows Secure Socket Tunneling Protocol (SSTP) | CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical |
| Windows SmartScreen | CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate |
| Windows Subsystem for Linux | CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important |
| Windows Terminal | CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability | Important |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now