Security
Headlines
HeadlinesLatestCVEs

Headline

Update now! Two zero-days fixed in 2022's last patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday

Tags: Microsoft

Tags: Android

Tags: Apple

Tags: Mozilla

Tags: Google

Tags: Sap

Tags: Citrix

Tags: Fortinet

Tags: Cisco

Tags: CVE-2022-44698

Tags: MotW

Tags: CVE-2022-44710

Tags: race condition

Tags: CVE-2022-44670

Tags: CVE-2022-44676

Tags: CVE-2022-41076

Tags: remote powershell

The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed

(Read more…)

The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.

Malwarebytes
#vulnerability#web#ios#android#windows#apple#google#microsoft#cisco#rce#vmware#auth#zero_day#firefox#sap#ssl

In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited.

Windows SmartScreen

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).

The vulnerability that is exploited in the wild is listed under CVE-2022-44698 and described as a Windows SmartScreen Security Feature bypass vulnerability. To understand how this works, you need to understand that files can be cryptographically signed in order to confirm who created them, and to confirm that they have not been changed since they were signed. Mark-of-the-Web (MOTW) is the name for the Windows technology that warns users of potential harm when downloading and opening a file from the internet or an email attachment. In other words, it’s a safety precaution in the form of a reminder that the user is about to use a risky file that might harm their computer. The problem is that a malformed signature bypasses all the warnings you should get, so you are bound to assume everything is dandy while it’s not.

DirectX Graphics Kernel

The other zero-day is labeled as “Exploitation Less Likely” but information about the vulnerability has been made public. The vulnerability is listed as CVE-2022-44710 and described as a DirectX Graphics Kernel Elevation of Privilege (EoP) vulnerability. To successfully exploit it the attacker would need to win a race condition. But if they succeed they could gain SYSTEM privileges.

A race condition, or race hazard, is the behavior of a system where the output depends on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended. Sometimes these bugs can be exploited when the outcome is predictable and works to the attackers’ advantage.

Windows Secure Socket Tunneling Protocol

Two critical vulnerabilities we want to highlight were found in the Windows Secure Socket Tunneling Protocol (SSTP). CVE-2022-44670 and CVE-2022-44676 are remote code execution (RCE) vulnerabilities. Successful exploitation of these vulnerabilities requires an attacker to win a race condition but when successful could enable an attacker to remotely execute code on a remote access server (RAS).

A RAS is a type of server that provides a suite of services to remotely connected users over a network or the Internet. It operates as a remote gateway or central server that connects remote users with an organization’s internal local area network (LAN).

PowerShell

One more vulnerability we want to highlight because exploitation is more likely is listed as CVE-2022-41076 and described as a PowerShell RCE vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment and to be authenticated. If these conditions are met, the attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. This seems a very likely candidate to be chained or exploited in combination with leaked or stolen login credentials.

Other vendors

As per usual, other vendors also released important updates:

Adobe released updates for Adobe Campaign Classic, Adobe Experience Manager, and Adobe Illustrator.

Apple released several updates. More on that later.

Cisco released updates for Cisco IP Phone 7800 and 8800 phones.

Citrix released updates for Citrix ADC and Citrix Gateway.

Fortinet released an update to patch for an actively exploited FortiOS SSL-VPN vulnerability.

Google released an Android security bulletin we discussed last week.

Mozilla released updates for for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108.

SAP has released its round of December 2022 updates.

VMWare has released security updates for multiple products. Users should review the VMware Security Advisories VMSA-2022-0031, VMSA-2022-0033, and apply the necessary updates.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Related news

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability.

CVE-2022-44710

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2022-44710

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2022-41076

PowerShell Remote Code Execution Vulnerability.

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”