Microsoft December 2022 Patch Tuesday fixes 2 zero-days, 49 flaws

Gandalf_The_Grey

Today is Microsoft's December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws.

Six of the 49 vulnerabilities fixed in today's update are classified as 'Critical' as they allow remote code execution, one of the most severe types of vulnerabilities.

The number of bugs in each vulnerability category is listed below:
  • 19 Elevation of Privilege Vulnerabilities
  • 2 Security Feature Bypass Vulnerabilities
  • 23 Remote Code Execution Vulnerabilities
  • 3 Information Disclosure Vulnerabilities
  • 3 Denial of Service Vulnerabilities
  • 1 Spoofing Vulnerability
The above counts do not include twenty-five Microsoft Edge vulnerabilities previously fixed on December 5th.
 

Gandalf_The_Grey

The December 2022 Security Update Review
Welcome to the final Patch Tuesday of 2021, and the first since Pwn2Own Toronto. As always, Adobe and Microsoft have released their latest security fixes just in time for the winter holidays. Take a break from your regularly scheduled activities and join us as we review the details of their latest security offerings.

Adobe Patches for December 2022

For December, Adobe released three patches fixing 37 CVEs in Illustrator, Experience Manager, and Adobe Campaign Classic. One of these bugs was reported through the ZDI program. All of the patches are rated Important in severity. The largest is the update for Experience Manager, which covers 32 bugs. The most severe of these could allow code execution through cross-site scripting (XSS). The fix for Illustrator addresses four memory leaks. The final patch for Campaign corrects a single privilege escalation bug.

None of the bugs fixed by Adobe this month are listed as publicly known or under active attack at the time of release. Adobe categorizes these updates as a deployment priority rating of 3.

Microsoft Patches for December 2022

This month, Microsoft released 52 new patches addressing CVEs in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. This is in addition to two CVEs fixed earlier this month, which brings the December release total to 54 fixes overall. A total of 12 of these CVEs were submitted through the ZDI program.

Of the 52 new patches released today, six are rated Critical, 43 are rated Important, and three are rated Moderate in severity. December is typically a light month for Microsoft patches, and this year is no exception. It’s also the smallest monthly release this year. Overall, 2022 was Microsoft’s second busiest ever with Microsoft fixing over 900 CVEs in total.

One of the new CVEs released this month is listed as publicly known and one is listed as being in the wild at the time of release. Let’s take a closer look at some of the more interesting updates for this month, starting with the bug under active attack:

- CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability
This bug has been widely discussed on the bird site and is likely related to the Mark of the Web bug patched last month. In this case, a file could be created that evades the Mark of the Web detection and therefore bypasses security features such as Protected View in Microsoft Office. Considering how many phishing attacks rely on people opening attachments, these protections are vital in preventing malware and other attacks. It’s good to see Microsoft (finally) address these bugs.

- CVE-2022-44713 – Microsoft Outlook for Mac Spoofing Vulnerability
We don’t often highlight spoofing bugs, but anytime you’re dealing with a spoofing bug in an e-mail client, you should take notice. This vulnerability could allow an attacker to appear as a trusted user when they should not be. Now combine this with the SmartScreen Mark of the Web bypass and it’s not hard to come up with a scenario where you receive an e-mail that appears to be from your boss with an attachment entitled “Executive_Compensation.xlsx”. There aren’t many who wouldn’t open that file in that scenario.

- CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability
This Critical-rated bug could allow an authenticated user to escape the PowerShell Remoting Session Configuration and run unapproved commands on an affected system. Threat actors often try to “live off the land” after an initial breach – meaning they use tools already on a system to maintain access and move throughout a network. PowerShell is one such tool, so any bug that bypasses restrictions is likely to be abused by intruders. Definitely don’t ignore this patch.

- CVE-2022-44699 – Azure Network Watcher Agent Security Feature Bypass Vulnerability
As someone who has done extensive incident response in the past, I know all too well the importance of good logs. That’s why this patch stood out to me. This bug would allow someone to terminate the packet capture from the Network Watcher agent. There might not be many enterprises relying on this tool, but for those using this VM extension, this fix should be treated as critical and deployed quickly.
 

mkoundo


Several Windows 10 versions affected by blue screen issue


Several Windows 10 versions are affected by a new issue that may cause blue screen errors on affected devices. Microsoft confirmed the issue on Saturday for the following Windows 10 versions: Windows 10 version 22H2, 21H2, 21H1 and 20H2.

 
