Microsoft December 2022 Patch Tuesday
In the last Patch Tuesday of 2022, we got patches for 74 vulnerabilities. Of these, 7 are critical, 1 was previously disclosed, and 1 is already being exploited, according to Microsoft.
The exploited vulnerability is a Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698). When you download a file from the internet, Windows adds the zone identifier or Mark of the Web as an NTFS stream to the file. So, when you run the file, Windows SmartScreen checks if there is a zone identifier Alternate Data Stream (ADS) attached to the file. If the ADS indicates ZoneId=3 which means that the file was downloaded from the internet, the SmartScreen does a reputation check. Exploiting this vulnerability, an attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses. The CVSS for this vulnerability is 5.4.
Amongst critical vulnerabilities, there is a Remote Code Execution (RCE) affecting the .Net Framework (CVE-2022-41089). The exploitability for this one is ‘less likely’ according to Microsoft. The CVSS is 8.8.
A second critical vulnerability is an RCE affecting Microsoft SharePoint Server (CVE-2022-44690). According to the advisory, in a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. The CVSS for this vulnerability is 8.8.
Another critical vulnerability worth mentioning is an RCE in Powershell (CVE-2022-41076). The advisory says that the attack complexity is high as to exploit this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment. Additionally, it says that an authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. The CVSS for this vulnerability is 8.5.
See my dashboard for a more detailed breakout: https://patchtuesdaydashboard.com/
December 2022 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| .NET Framework Remote Code Execution Vulnerability | |||||||
| CVE-2022-41089 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.7 |
| Azure Network Watcher Agent Security Feature Bypass Vulnerability | |||||||
| CVE-2022-44699 | No | No | - | - | Important | 5.5 | 5.1 |
| Chromium: CVE-2022-4174 Type Confusion in V8 | |||||||
| CVE-2022-4174 | No | No | - | - | - | ||
| Chromium: CVE-2022-4175 Use after free in Camera Capture | |||||||
| CVE-2022-4175 | No | No | - | - | - | ||
| Chromium: CVE-2022-4177 Use after free in Extensions | |||||||
| CVE-2022-4177 | No | No | - | - | - | ||
| Chromium: CVE-2022-4178 Use after free in Mojo | |||||||
| CVE-2022-4178 | No | No | - | - | - | ||
| Chromium: CVE-2022-4179 Use after free in Audio | |||||||
| CVE-2022-4179 | No | No | - | - | - | ||
| Chromium: CVE-2022-4180 Use after free in Mojo | |||||||
| CVE-2022-4180 | No | No | - | - | - | ||
| Chromium: CVE-2022-4181 Use after free in Forms | |||||||
| CVE-2022-4181 | No | No | - | - | - | ||
| Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames | |||||||
| CVE-2022-4182 | No | No | - | - | - | ||
| Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker | |||||||
| CVE-2022-4183 | No | No | - | - | - | ||
| Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill | |||||||
| CVE-2022-4184 | No | No | - | - | - | ||
| Chromium: CVE-2022-4185 Inappropriate implementation in Navigation | |||||||
| CVE-2022-4185 | No | No | - | - | - | ||
| Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads | |||||||
| CVE-2022-4186 | No | No | - | - | - | ||
| Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools | |||||||
| CVE-2022-4187 | No | No | - | - | - | ||
| Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS | |||||||
| CVE-2022-4188 | No | No | - | - | - | ||
| Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools | |||||||
| CVE-2022-4189 | No | No | - | - | - | ||
| Chromium: CVE-2022-4190 Insufficient data validation in Directory | |||||||
| CVE-2022-4190 | No | No | - | - | - | ||
| Chromium: CVE-2022-4191 Use after free in Sign-In | |||||||
| CVE-2022-4191 | No | No | - | - | - | ||
| Chromium: CVE-2022-4192 Use after free in Live Caption | |||||||
| CVE-2022-4192 | No | No | - | - | - | ||
| Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API | |||||||
| CVE-2022-4193 | No | No | - | - | - | ||
| Chromium: CVE-2022-4194 Use after free in Accessibility | |||||||
| CVE-2022-4194 | No | No | - | - | - | ||
| Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing | |||||||
| CVE-2022-4195 | No | No | - | - | - | ||
| DirectX Graphics Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44710 | Yes | No | - | - | Important | 7.8 | 6.8 |
| Guidance on Microsoft Signed Drivers Being Used Maliciously | |||||||
| ADV220005 | No | No | - | - | None | ||
| Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | |||||||
| CVE-2022-41127 | No | No | - | - | Critical | 8.5 | 7.4 |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44708 | No | No | Less Likely | Less Likely | Important | 8.3 | 7.2 |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||||
| CVE-2022-44688 | No | No | Less Likely | Less Likely | Moderate | 4.3 | 3.8 |
| Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41115 | No | No | - | - | Important | 6.6 | 5.8 |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||||
| CVE-2022-44692 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
| CVE-2022-26804 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-26805 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-26806 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-47211 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-47212 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-47213 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Office OneNote Remote Code Execution Vulnerability | |||||||
| CVE-2022-44691 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| Microsoft Office Visio Remote Code Execution Vulnerability | |||||||
| CVE-2022-44694 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-44695 | No | No | - | - | Important | 7.8 | 6.8 |
| CVE-2022-44696 | No | No | - | - | Important | 7.8 | 6.8 |
| Microsoft Outlook for Mac Spoofing Vulnerability | |||||||
| CVE-2022-44713 | No | No | - | - | Important | 7.5 | 6.5 |
| Microsoft SharePoint Server Remote Code Execution Vulnerability | |||||||
| CVE-2022-44690 | No | No | - | - | Critical | 8.8 | 7.7 |
| CVE-2022-44693 | No | No | - | - | Critical | 8.8 | 7.7 |
| Microsoft Windows Sysmon Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44704 | No | No | - | - | Important | 7.8 | 6.8 |
| Outlook for Android Elevation of Privilege Vulnerability | |||||||
| CVE-2022-24480 | No | No | - | - | Important | 6.3 | 5.5 |
| PowerShell Remote Code Execution Vulnerability | |||||||
| CVE-2022-41076 | No | No | - | - | Critical | 8.5 | 7.4 |
| Raw Image Extension Remote Code Execution Vulnerability | |||||||
| CVE-2022-44687 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44675 | No | No | More Likely | More Likely | Important | 7.8 | 6.8 |
| Windows Bluetooth Driver Information Disclosure Vulnerability | |||||||
| CVE-2022-44674 | No | No | Less Likely | Less Likely | Important | 5.5 | 4.8 |
| Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44673 | No | No | Less Likely | More Likely | Important | 7.0 | 6.1 |
| Windows Contacts Remote Code Execution Vulnerability | |||||||
| CVE-2022-44666 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Error Reporting Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44669 | No | No | More Likely | Less Likely | Important | 7.0 | 6.1 |
| Windows Fax Compose Form Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41077 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Graphics Component Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44680 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-44697 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-41121 | No | No | Less Likely | More Likely | Important | 7.8 | 6.8 |
| CVE-2022-44671 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Graphics Component Information Disclosure Vulnerability | |||||||
| CVE-2022-44679 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.7 |
| CVE-2022-41074 | No | No | Unlikely | Less Likely | Important | 5.5 | 4.8 |
| Windows Hyper-V Denial of Service Vulnerability | |||||||
| CVE-2022-44682 | No | No | - | - | Important | 6.8 | 5.9 |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||||
| CVE-2022-41094 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Kernel Denial of Service Vulnerability | |||||||
| CVE-2022-44707 | No | No | - | - | Important | 6.5 | 5.7 |
| Windows Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44683 | No | No | - | - | Important | 7.8 | 6.8 |
| Windows Media Remote Code Execution Vulnerability | |||||||
| CVE-2022-44667 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-44668 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44678 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
| CVE-2022-44681 | No | No | Unlikely | Unlikely | Important | 7.8 | 6.8 |
| Windows Projected File System Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44677 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | |||||||
| CVE-2022-44676 | No | No | Less Likely | Less Likely | Critical | 8.1 | 7.1 |
| CVE-2022-44670 | No | No | - | - | Critical | 8.1 | 7.1 |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||||
| CVE-2022-44698 | No | Yes | - | - | Moderate | 5.4 | 5.0 |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | |||||||
| CVE-2022-44689 | No | No | Less Likely | Less Likely | Important | 7.8 | 6.8 |
| Windows Terminal Remote Code Execution Vulnerability | |||||||
| CVE-2022-44702 | No | No | More Likely | Less Likely | Important | 7.8 | 6.8 |
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments