December 14, 2022 | Ravie Lakshmanan | Patch Management / Vulnerabilities

Tech giant Microsoft has released its final set of monthly security updates for 2022, fixing 49 vulnerabilities across its software products.

Of the 49 bugs, 6 are rated Critical, 40 are rated Important, and 3 are rated Moderate. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the beginning of the month.

Tuesday’s patches fixed two zero-day vulnerabilities: one that is actively exploited and another that was publicly known at the time of release.

The former is CVE-2022-44698 (CVSS score: 5.4), one of three security bypass issues in Windows SmartScreen that malicious actors can exploit to circumvent Mark of the Web (MotW) protections.

Note that this issue, along with CVE-2022-41091 (CVSS score: 5.4), has been observed being exploited by Magniber ransomware actors to deliver malformed JavaScript files within ZIP archives.

According to Rapid7’s Greg Wiseman, “An attacker could create a document that was downloaded from an untrusted site but was not tagged with Microsoft’s Mark of the Web, which means there is no Protected View of Microsoft Office documents, making it easy for users to do crude things like run malicious macros.”

Publicly known, but not considered actively exploited, is CVE-2022-44710 (CVSS score: 7.8), a privilege escalation flaw in the DirectX Graphics Kernel that could allow an adversary to gain SYSTEM privileges.

“Successfully exploiting this vulnerability requires an attacker to win a race condition,” Microsoft notes in the advisory.

Microsoft has also patched multiple remote code execution bugs in Microsoft Dynamics NAV, Microsoft SharePoint Server, PowerShell, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, Contacts, and Terminal.

Additionally, this update resolves 11 remote code execution vulnerabilities in Microsoft Office Graphics, OneNote, and Visio. They are all rated 7.8 on the CVSS scoring system.

Two of the 19 privilege escalation flaws fixed this month are in the Windows Print Spooler component (CVE-2022-44678 and CVE-2022-44681, CVSS scores: 7.8), continuing the steady stream of patches the company has released for it over the past year.

Last but not least, Microsoft has identified a remote code execution vulnerability in PowerShell (CVE-2022-41076, CVSS score: 8.5) and a privilege escalation flaw in Windows Sysmon (CVE-2022-44704, CVSS score: 7.8), making it essential for users to apply the updates to mitigate potential threats.

Software patches from other vendors

In addition to Microsoft, other vendors have released security updates over the past two weeks to fix several vulnerabilities, including:
