Tech giant Microsoft has released its final set of monthly security updates for 2022, fixing 49 vulnerabilities across its software products.
Of the 49 bugs, 6 are rated Critical, 40 Important, and 3 Moderate. Separately, 24 vulnerabilities have been addressed in the Chromium-based Edge browser since the beginning of the month.
Tuesday’s patches fix two zero-day vulnerabilities: one is actively exploited and the other was publicly known at the time of release.
The former is CVE-2022-44698 (CVSS score: 5.4), one of three security bypass issues in Windows SmartScreen that malicious actors can exploit to circumvent Mark of the Web (MotW) protections.
Notably, this issue, along with CVE-2022-41091 (CVSS score: 5.4), has been observed being exploited by Magniber ransomware actors to deliver malformed JavaScript files within ZIP archives.
According to Rapid7’s Greg Wiseman, “An attacker could create a document that was downloaded from an untrusted site but was not tagged with Microsoft’s Mark of the Web, which means there is no Protected View for Microsoft Office documents, making it easy for users to do crude things like run malicious macros.”
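As an added example (not from the article or from Microsoft), the PowerShell function below audits a folder for script and Office file types that carry no Mark of the Web, the condition described above. The function name, the default extension list, and the folder path in the usage comment are assumptions made for illustration.

```powershell
# Added example: report risky file types and whether they carry a Mark of the Web.
# MotW is stored in the NTFS alternate data stream "Zone.Identifier", in INI form:
#   [ZoneTransfer]
#   ZoneId=3
# ZoneId values: 0 Local machine, 1 Local intranet, 2 Trusted sites,
#                3 Internet, 4 Restricted sites.
function Get-MotwStatus {                       # hypothetical name
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Illustrative extension list (an assumption); tune it for your environment.
        [string[]] $Extensions = @('.js', '.jse', '.vbs', '.wsf', '.hta', '.lnk',
                                   '.iso', '.zip', '.doc', '.docm', '.xls', '.xlsm')
    )
    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
        ForEach-Object {
            $file   = $_
            $zoneId = $null

            # A missing stream produces an error, which is suppressed here.
            $stream = Get-Content -LiteralPath $file.FullName -Stream 'Zone.Identifier' `
                                  -ErrorAction SilentlyContinue
            foreach ($line in @($stream)) {
                if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') {
                    $zoneId = [int]$Matches[1]
                    break
                }
            }

            if ($null -eq $zoneId)  { $status = 'NoMotW' }       # no tag: no Protected View prompt
            elseif ($zoneId -ge 3)  { $status = 'Tagged' }       # Internet or Restricted zone
            else                    { $status = 'TrustedZone' }  # tagged, but with a trusted zone

            [pscustomobject]@{
                File   = $file.FullName
                ZoneId = $zoneId
                Status = $status
            }
        }
}

# Usage (path is an assumption): list untagged files in the current user's Downloads folder.
# Get-MotwStatus -Path "$env:USERPROFILE\Downloads" | Where-Object Status -eq 'NoMotW'
```

Files on volumes without alternate data stream support (FAT32, exFAT) always report `NoMotW`, so treat that status as a lead to review, not proof of a bypass.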
The publicly known but not actively exploited flaw is CVE-2022-44710 (CVSS score: 7.8), a privilege escalation flaw in the DirectX graphics kernel that could allow an adversary to gain SYSTEM privileges.
“Successfully exploiting this vulnerability requires an attacker to win a race condition,” Microsoft notes in the advisory.
Microsoft has also patched multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.
Additionally, this update resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote, and Visio. They are all rated 7.8 on the CVSS scoring system.
Two of the 19 privilege escalation flaws fixed this month are in the Windows Print Spooler component (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing the steady stream of patches released by the company over the past year.
Last but not least, Microsoft has identified a remote code execution vulnerability in PowerShell (CVE-2022-41076, CVSS score: 8.5) and a Windows Sysmon privilege escalation flaw (CVE-2022-44704, CVSS score: 7.8), making it essential for users to apply the updates to mitigate potential threats.
Software patches from other vendors
In addition to Microsoft, other vendors have released security updates over the past two weeks to fix several vulnerabilities, including: