Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

TALOS
#vulnerability#windows#microsoft#cisco#rce#auth

Tuesday, December 13, 2022 14:12

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

One of the critical vulnerabilities, which Microsoft considers to be “more likely” to be exploited is CVE-2022-41076, a remote code execution (RCE) vulnerability in Windows PowerShell which could allow a previously authenticated attacker to escape the PowerShell Remoting Session Configuration and run unauthorized commands on compromised systems.

Another critical vulnerability, CVE-2022-41127, affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central. Successful exploitation could allow an attacker to execute code on Dynamic NAV servers within the context of the service account under which Dynamics is running.

Two additional critical vulnerabilities, CVE-2022-44670 and CVE-2022-44676 are remote code execution vulnerabilities affecting the Windows Secure Socket Tunneling Protocol (SSTP). Successful exploitation of these vulnerabilities requires an attacker to win a race condition but could enable an attacker to remotely execute code on RAS servers.

The final two critical vulnerabilities being addressed this month are remote code execution vulnerabilities in Microsoft Sharepoint Server. Successful exploitation of CVE-2022-44690 or CVE-2022-44693 could enable an attacker to execute code on Sharepoint Servers but require the attacker to first be authenticated and granted the ability to use the Manage Lists feature in Sharepoint.

Talso would also like to highlight 6 important vulnerabilities that Microsoft considers to be “more likely” to be exploited.

  • CVE-2022-41121: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2022-44671: Windows Graphics Component Elevation of Privilege Vulnerability
  • CVE-2022-44673: Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
  • CVE-2022-44675: Windows Bluetooth Driver Elevation of Privilege Vulnerability
  • CVE-2022-44683: Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2022-44704: Microsoft Windows Sysmon Elevation of Privilege Vulnerability

A complete list of all the vulnerabilities Microsoft disclosed this month is available on its update page.

In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 60972 - 60975, 60977 - 60978. For Snort 3, the following rules are also available to protect against these vulnerabilities: 300339 - 300341.

Related news

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

Update now! Two zero-days fixed in 2022's last patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

CVE-2022-41076

PowerShell Remote Code Execution Vulnerability.

CVE-2022-44675

Windows Bluetooth Driver Elevation of Privilege Vulnerability.

CVE-2022-41127

Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.

CVE-2022-41121

Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697.

CVE-2022-44683

Windows Kernel Elevation of Privilege Vulnerability.

CVE-2022-44693

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2022-44704

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

TALOS: Latest News

Malicious QR Codes: How big of a problem is it, really?