Headline
Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”
Tuesday, December 13, 2022 14:12
Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”
One of the critical vulnerabilities, which Microsoft considers to be “more likely” to be exploited is CVE-2022-41076, a remote code execution (RCE) vulnerability in Windows PowerShell which could allow a previously authenticated attacker to escape the PowerShell Remoting Session Configuration and run unauthorized commands on compromised systems.
Another critical vulnerability, CVE-2022-41127, affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central. Successful exploitation could allow an attacker to execute code on Dynamic NAV servers within the context of the service account under which Dynamics is running.
Two additional critical vulnerabilities, CVE-2022-44670 and CVE-2022-44676 are remote code execution vulnerabilities affecting the Windows Secure Socket Tunneling Protocol (SSTP). Successful exploitation of these vulnerabilities requires an attacker to win a race condition but could enable an attacker to remotely execute code on RAS servers.
The final two critical vulnerabilities being addressed this month are remote code execution vulnerabilities in Microsoft Sharepoint Server. Successful exploitation of CVE-2022-44690 or CVE-2022-44693 could enable an attacker to execute code on Sharepoint Servers but require the attacker to first be authenticated and granted the ability to use the Manage Lists feature in Sharepoint.
Talso would also like to highlight 6 important vulnerabilities that Microsoft considers to be “more likely” to be exploited.
- CVE-2022-41121: Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-44671: Windows Graphics Component Elevation of Privilege Vulnerability
- CVE-2022-44673: Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
- CVE-2022-44675: Windows Bluetooth Driver Elevation of Privilege Vulnerability
- CVE-2022-44683: Windows Kernel Elevation of Privilege Vulnerability
- CVE-2022-44704: Microsoft Windows Sysmon Elevation of Privilege Vulnerability
A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.
In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.
The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60972 - 60975, 60977 - 60978. For Snort 3, the following rules are also available to protect against these vulnerabilities: 300339 - 300341.
Related news
Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]
Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.
Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.
Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.
Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.
Windows Bluetooth Driver Elevation of Privilege Vulnerability.
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.
Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697.
Windows Kernel Elevation of Privilege Vulnerability.
Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability