Tech giant Microsoft introduced its previous set of monthly security updates for 2022 with fixes for 49 vulnerabilities throughout its computer software goods.
Of the 49 bugs, six are rated Critical, 40 are rated Critical, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been tackled in the Chromium-dependent Edge browser because the begin of the month.
December’s Patch Tuesday plugs two zero-day vulnerabilities, a single which is actively exploited and one more issue which is stated as publicly disclosed at the time of launch.
The previous relates to CVE-2022-44698 (CVSS rating: 5.4), one particular of the three security bypass issues in Windows SmartScreen that could be exploited by a malicious actor to evade mark of the web (MotW) protections.
“It will allow attackers to craft documents that is not going to get tagged with Microsoft’s ‘Mark of the Web’ inspite of getting downloaded from untrusted internet sites,” Rapid7’s Greg Wiseman stated. “This suggests no Safeguarded See for Microsoft Place of work documents, earning it less difficult to get people to do sketchy factors like execute destructive macros.”
Publicly disclosed, but not noticed actively exploited, is CVE-2022-44710 (CVSS rating: 7.8), an elevation of privilege flaw in DirectX Graphics Kernel that could empower an adversary to acquire Procedure privileges.
“Effective exploitation of this vulnerability demands an attacker to get a race condition,” Microsoft pointed out in an advisory.
Also patched by Microsoft are many remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Safe Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.
Also, the update also resolves 11 remote code execution vulnerabilities in Microsoft Workplace Graphics, OneNote, and Visio, all of which are rated 7.8 in the CVSS scoring method.
Two of the 19 elevation of privilege flaws remediated this thirty day period contains fixes for the Windows Print Spooler element (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing a constant stream of patches launched by the business over the earlier yr.
Previous but not least, Microsoft has assigned the “Exploitation Additional Possible” tag to the PowerShell remote code execution vulnerability (CVE-2022-41076, CVSS rating: 8.5) and Windows Sysmon privilege escalation flaw (CVE-2022-44704, CVSS score: 7.8), creating it vital that people use updates to mitigate probable threats.
Program Patches from Other Vendors
In addition to Microsoft, security updates have also been introduced by other vendors in excess of the past two months to rectify a number of vulnerabilities, such as —
- Google Chrome
- Linux distributions Debian, Oracle Linux, Crimson Hat, SUSE, and Ubuntu
- Mozilla Firefox, Firefox ESR, and Thunderbird
- Schneider Electrical
- Pattern Micro, and
Found this report appealing? Comply with us on Twitter and LinkedIn to read through much more unique content we put up.
Some areas of this article are sourced from: