Security
Headlines
HeadlinesLatestCVEs

Headline

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

The Hacker News
#vulnerability#web#android#mac#windows#apple#google#microsoft#ubuntu#linux#debian#cisco#red_hat#git#java#oracle#intel#rce#vmware#lenovo#ibm#dell#zero_day#chrome#firefox#sap#The Hacker News

Patch Management / Vulnerability

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products.

Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

December’s Patch Tuesday plugs two zero-day vulnerabilities, one that’s actively exploited and another issue that’s listed as publicly disclosed at the time of release.

The former relates to CVE-2022-44698 (CVSS score: 5.4), one of the three security bypass issues in Windows SmartScreen that could be exploited by a malicious actor to evade mark of the web (MotW) protections.

It’s worth noting that this issue, in conjunction with CVE-2022-41091 (CVSS score: 5.4), has been observed being exploited by Magniber ransomware actors to deliver rogue JavaScript files within ZIP archives.

“It allows attackers to craft documents that won’t get tagged with Microsoft’s ‘Mark of the Web’ despite being downloaded from untrusted sites,” Rapid7’s Greg Wiseman said. “This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros.”

Publicly disclosed, but not seen actively exploited, is CVE-2022-44710 (CVSS score: 7.8), an elevation of privilege flaw in DirectX Graphics Kernel that could enable an adversary to gain SYSTEM privileges.

“Successful exploitation of this vulnerability requires an attacker to win a race condition,” Microsoft pointed out in an advisory.

Also patched by Microsoft are multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.

Furthermore, the update also resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote, and Visio, all of which are rated 7.8 in the CVSS scoring system.

Two of the 19 elevation of privilege flaws remediated this month comprises fixes for the Windows Print Spooler component (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing a steady stream of patches released by the company over the past year.

Last but not least, Microsoft has assigned the “Exploitation More Likely” tag to the PowerShell remote code execution vulnerability (CVE-2022-41076, CVSS score: 8.5) and Windows Sysmon privilege escalation flaw (CVE-2022-44704, CVSS score: 7.8), making it essential that users apply updates to mitigate potential threats.

Software Patches from Other Vendors

In addition to Microsoft, security updates have also been released by other vendors over the past two weeks to rectify several vulnerabilities, including —

  • Adobe
  • Android
  • Apple
  • Cisco
  • Citrix
  • CODESYS
  • Dell
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Intel
  • Lenovo
  • Linux distributions Debian, Oracle Linux, Red Hat, SUSE, and Ubuntu
  • MediaTek
  • Mozilla Firefox, Firefox ESR, and Thunderbird
  • NVIDIA
  • Qualcomm
  • SAP
  • Schneider Electric
  • Siemens
  • Sophos
  • Trend Micro, and
  • VMware

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Fat Patch Tuesday, February 2024 Edition

Microsoft Corp. today pushed software updates to plug more than 70 security holes in its Windows operating systems and related products, including two zero-day vulnerabilities that are already being exploited in active attacks.

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

Microsoft Rolls Out Patches for 80 New Security Flaws — Two Under Active Attack

Microsoft's Patch Tuesday update for March 2023 is rolling out with remediations for a set of 80 security flaws, two of which have come under active exploitation in the wild. Eight of the 80 bugs are rated Critical, 71 are rated Important, and one is rated Moderate in severity. The updates are in addition to 29 flaws the tech giant fixed in its Chromium-based Edge browser in recent weeks. The

Microsoft Patch Tuesday December 2022: SPNEGO RCE, Mark of the Web Bypass, Edge Memory Corruptions

Hello everyone! This episode will be about Microsoft Patch Tuesday for December 2022, including vulnerabilities that were added between November and December Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239112 But let’s start with an older vulnerability. This will be another example why […]

Microsoft Patch Tuesday, December 2022 Edition

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day vulnerability in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell, and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week's Patch Tuesday.

Update now! Two zero-days fixed in 2022's last patch Tuesday

Categories: Exploits and vulnerabilities Categories: News Tags: patch Tuesday Tags: Microsoft Tags: Android Tags: Apple Tags: Mozilla Tags: Google Tags: Sap Tags: Citrix Tags: Fortinet Tags: Cisco Tags: CVE-2022-44698 Tags: MotW Tags: CVE-2022-44710 Tags: race condition Tags: CVE-2022-44670 Tags: CVE-2022-44676 Tags: CVE-2022-41076 Tags: remote powershell The last patch Tuesday of 2022 is here—find out what Microsoft and many others have fixed (Read more...) The post Update now! Two zero-days fixed in 2022's last patch Tuesday appeared first on Malwarebytes Labs.

Microsoft Squashes Zero-Day, Actively Exploited Bugs in Dec. Update

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

CVE-2022-44710

DirectX Graphics Kernel Elevation of Privilege Vulnerability

CVE-2022-41076

PowerShell Remote Code Execution Vulnerability.

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability.

CVE-2022-44704

Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability

CVE-2022-44710

DirectX Graphics Kernel Elevation of Privilege Vulnerability.

CVE-2022-44698

Windows SmartScreen Security Feature Bypass Vulnerability

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

Microsoft Patch Tuesday for December 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 48 vulnerabilities. Of these vulnerabilities, 6 are classified as “Critical”, 41 are classified as “Important”, with the remaining vulnerability classified as “Moderate.”

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]

CVE-2022-41091

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday

Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

The Hacker News: Latest News

AI Could Generate 10,000 Malware Variants, Evading Detection in 88% of Case