Get Latest Security Updates from Microsoft and More


Dec 14, 2022 | Ravie Lakshmanan | Patch Management / Vulnerability

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products.

Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

December’s Patch Tuesday plugs two zero-day vulnerabilities, one that’s actively exploited and another issue that’s listed as publicly disclosed at the time of release.

The former relates to CVE-2022-44698 (CVSS score: 5.4), one of the three security bypass issues in Windows SmartScreen that could be exploited by a malicious actor to evade mark of the web (MotW) protections.

It’s worth noting that this issue, in conjunction with CVE-2022-41091 (CVSS score: 5.4), has been observed being exploited by Magniber ransomware actors to deliver rogue JavaScript files within ZIP archives.


“It allows attackers to craft documents that won’t get tagged with Microsoft’s ‘Mark of the Web’ despite being downloaded from untrusted sites,” Rapid7’s Greg Wiseman said. “This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros.”

Publicly disclosed, but not seen actively exploited, is CVE-2022-44710 (CVSS score: 7.8), an elevation of privilege flaw in DirectX Graphics Kernel that could enable an adversary to gain SYSTEM privileges.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” Microsoft pointed out in an advisory.

Also patched by Microsoft are multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.

Furthermore, the update also resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote, and Visio, all of which are rated 7.8 in the CVSS scoring system.

Two of the 19 elevation of privilege flaws remediated this month are in the Windows Print Spooler component (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing a steady stream of patches released by the company over the past year.

Last but not least, Microsoft has assigned the “Exploitation More Likely” tag to the PowerShell remote code execution vulnerability (CVE-2022-41076, CVSS score: 8.5) and Windows Sysmon privilege escalation flaw (CVE-2022-44704, CVSS score: 7.8), making it essential that users apply updates to mitigate potential threats.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past two weeks to rectify several vulnerabilities, including —
