Update now! Two zero-days fixed in 2022's last patch Tuesday
The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed
The post Update now! Two zero-days fixed in 2022’s last patch Tuesday appeared first on Malwarebytes Labs.
In numbers, the patch Tuesday of December 2022 is a relatively light one for Windows users. Microsoft patched 48 vulnerabilities with only six considered critical. But numbers are only half the story. Two of the updates are zero-days with one of them known to be actively exploited.
Windows SmartScreen
Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).
The vulnerability that is exploited in the wild is listed under CVE-2022-44698 and described as a Windows SmartScreen Security Feature bypass vulnerability. To understand how this works, you need to understand that files can be cryptographically signed in order to confirm who created them, and to confirm that they have not been changed since they were signed. Mark-of-the-Web (MOTW) is the name for the Windows technology that warns users of potential harm when downloading and opening a file from the internet or an email attachment. In other words, it’s a safety precaution in the form of a reminder that the user is about to use a risky file that might harm their computer. The problem is that a malformed signature bypasses all the warnings you should get, so you are bound to assume everything is dandy while it’s not.
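For defenders triaging a downloaded file, it helps to see what the mark looks like on disk. The following is an added example, not code from the original article or from Microsoft: it parses the text of the `Zone.Identifier` NTFS alternate data stream, which is where Windows stores Mark-of-the-Web (a detail the article does not spell out), and reports the origin zone and source URLs. The function names and the sample streams are constructed for illustration.

```python
# Added example: parse Mark-of-the-Web data (the Zone.Identifier stream).

# ZoneId values used by the Windows URL security zones.
ZONES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
         3: "Internet", 4: "Restricted Sites"}

def parse_motw(stream_text):
    """Parse Zone.Identifier text; return a dict, or None if there is no valid mark."""
    fields, in_section = {}, False
    for raw in stream_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            # Split on the first '=' only: URLs may contain '=' themselves.
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    try:
        zone_id = int(fields["zoneid"])
    except (KeyError, ValueError):
        return None  # missing or unparsable ZoneId: treat as "no mark"
    return {"zone_id": zone_id,
            "zone": ZONES.get(zone_id, "Unknown"),
            "referrer": fields.get("referrerurl"),
            "host_url": fields.get("hosturl"),
            # Zones 3 and 4 are the origins Windows treats as untrusted.
            "untrusted_origin": zone_id >= 3}

def read_motw(path):
    """Read the mark of a file on an NTFS volume (Windows); None if absent."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as stream:
            return parse_motw(stream.read())
    except OSError:
        return None

# Constructed sample streams (not taken from a real incident).
SAMPLE_DOWNLOAD = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://downloads.example.test/page?id=7\r\n"
                   "HostUrl=https://cdn.example.test/files/tool-setup.exe\r\n")
SAMPLE_INTRANET = "[ZoneTransfer]\nZoneId=1\n"
SAMPLE_BROKEN = "[ZoneTransfer]\nZoneId=\n"

if __name__ == "__main__":
    for name, text in [("download", SAMPLE_DOWNLOAD),
                       ("intranet", SAMPLE_INTRANET),
                       ("broken", SAMPLE_BROKEN)]:
        print(name, parse_motw(text))
```

Because the mark records where a file came from independently of whether a warning was shown, the same parser is useful during incident response to reconstruct the origin of a suspicious file.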
DirectX Graphics Kernel
The other zero-day is labeled as “Exploitation Less Likely” but information about the vulnerability has been made public. The vulnerability is listed as CVE-2022-44710 and described as a DirectX Graphics Kernel Elevation of Privilege (EoP) vulnerability. To successfully exploit it the attacker would need to win a race condition. But if they succeed they could gain SYSTEM privileges.
A race condition, or race hazard, is the behavior of a system where the output depends on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended. Sometimes these bugs can be exploited when the outcome is predictable and works to the attackers’ advantage.
Windows Secure Socket Tunneling Protocol
Two critical vulnerabilities we want to highlight were found in the Windows Secure Socket Tunneling Protocol (SSTP). CVE-2022-44670 and CVE-2022-44676 are remote code execution (RCE) vulnerabilities. Successful exploitation of these vulnerabilities requires an attacker to win a race condition, but a successful attack could enable the attacker to remotely execute code on a remote access server (RAS).
A RAS is a type of server that provides a suite of services to remotely connected users over a network or the Internet. It operates as a remote gateway or central server that connects remote users with an organization’s internal local area network (LAN).
PowerShell
One more vulnerability we want to highlight because exploitation is more likely is listed as CVE-2022-41076 and described as a PowerShell RCE vulnerability. Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment and to be authenticated. If these conditions are met, the attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. This seems a very likely candidate to be chained or exploited in combination with leaked or stolen login credentials.
Other vendors
As per usual, other vendors also released important updates:
Adobe released updates for Adobe Campaign Classic, Adobe Experience Manager, and Adobe Illustrator.
Apple released several updates. More on that later.
Cisco released updates for Cisco IP Phone 7800 and 8800 phones.
Citrix released updates for Citrix ADC and Citrix Gateway.
Fortinet released an update to patch an actively exploited FortiOS SSL-VPN vulnerability.
Google released an Android security bulletin we discussed last week.
Mozilla released updates for Thunderbird 102.6, Firefox ESR 102.6, and Firefox 108.
SAP has released its round of December 2022 updates.
VMware has released security updates for multiple products. Users should review the VMware Security Advisories VMSA-2022-0031 and VMSA-2022-0033, and apply the necessary updates.