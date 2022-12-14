



Microsoft caps off 2022 with its usual mild December Patch Tuesday: a total of 52 patches addressing six critical vulnerabilities and two low-severity zero-days.

The two zero-day bugs are tracked as CVE-2022-44698, the Windows SmartScreen Security Feature Bypass Vulnerability, with a CVSS score of 5.4 and a moderate severity. CVE-2022-44710 is an Elevation of Privilege (EoP) Vulnerability in DirectX Graphics Kernel, rated as Important with a CVSS score of 7.8.

Of these, the Windows SmartScreen vulnerability is known to be exploited in the wild but was never publicly disclosed before the patch. The DirectX Graphics Kernel vulnerability is the opposite: publicly disclosed, but not known to be exploited.

Satnam Narang, Senior Staff Research Engineer at Tenable, assesses the impact of the two zero-days. Windows SmartScreen, he explains, is a feature built into Windows that works in conjunction with the Mark of the Web (MOTW) feature to flag files downloaded from the Internet. Depending on how MOTW flags the file, SmartScreen will perform a reputation check.

This vulnerability could be exploited in multiple scenarios, including malicious websites and malicious attachments delivered via email or messaging services. To bypass SmartScreen, a potential victim would have to visit a malicious website or open a malicious attachment.

Microsoft has confirmed that this vulnerability is being exploited in the wild. The flaw is credited to Will Dormann, the security researcher who also disclosed CVE-2022-41049, a security feature bypass for MOTW fixed in the November Patch Tuesday release.

The second zero-day in the December Patch Tuesday release was publicly disclosed before the patch was available. Narang added that it is considered unlikely to be exploited, based on Microsoft’s Exploitability Index.
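Since SmartScreen's reputation check is keyed off the Mark of the Web described above, a quick way for a defender to see the mechanism in action is to inspect the mark itself. The following PowerShell script is an added example, not code from the article or from Tenable; it assumes the user's Downloads folder as a default location (any folder works) and uses the standard URL security zone numbering, in which ZoneId 3 is the Internet zone that triggers SmartScreen. A downloaded file that arrives without the mark receives no reputation check, so a missing mark on an attachment is worth noticing.

```powershell
# Added example (not from the article): report which files in a folder carry a Mark of the Web.
# MOTW lives in an NTFS alternate data stream named Zone.Identifier; SmartScreen's reputation
# check depends on the ZoneId it records.
param(
    [string]$Folder = (Join-Path $env:USERPROFILE 'Downloads')   # assumed default; any folder works
)

# Zone numbers as used by the URL security zones; 3 (Internet) is what triggers SmartScreen.
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

function Get-MotwInfo {
    param([string]$Path)
    # Get-Item -Stream returns nothing (no error) when the file has no such stream.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ Name = Split-Path $Path -Leaf; HasMOTW = $false; Zone = $null; ReferrerUrl = $null }
    }
    $zoneId = $null
    $referrer = $null
    # The stream body is INI-style text: [ZoneTransfer], ZoneId=3, optionally ReferrerUrl= and HostUrl=.
    foreach ($line in (Get-Content -LiteralPath $Path -Stream 'Zone.Identifier')) {
        if ($line -match '^ZoneId=(\d+)') { $zoneId = [int]$Matches[1] }
        elseif ($line -match '^ReferrerUrl=(.+)') { $referrer = $Matches[1] }
    }
    $zoneLabel = if ($null -ne $zoneId -and $zoneNames.ContainsKey($zoneId)) {
        "$zoneId ($($zoneNames[$zoneId]))"
    } else {
        $zoneId
    }
    [pscustomobject]@{ Name = Split-Path $Path -Leaf; HasMOTW = $true; Zone = $zoneLabel; ReferrerUrl = $referrer }
}

Get-ChildItem -LiteralPath $Folder -File |
    ForEach-Object { Get-MotwInfo -Path $_.FullName } |
    Format-Table -AutoSize
```

Run it as `.\Get-Motw.ps1` or with `-Folder` pointing at a mail client's attachment cache. Files extracted from an archive or copied from a non-NTFS volume commonly show `HasMOTW = False`, which is expected behaviour rather than a sign of tampering; the point of the report is to know which files SmartScreen had a chance to check.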

All six critical vulnerabilities lead to remote code execution (RCE) on the victim’s system if successfully exploited. They are:

Kev Breen, Director of Cyber Threat Research at Immersive Labs, commented on some of the more impactful and critical vulnerabilities, noting that the PowerShell vulnerability in particular looked troubling.

Microsoft has not disclosed details about this vulnerability other than that exploitation would likely result in remote code execution and that a successful exploit would require an attacker to take additional steps to prepare the target environment. We also note that action needs to be taken, Breen said.

The required action is not clear. However, we know that the exploit requires authenticated user-level access. This combination suggests that the exploit requires a social engineering component, which is likely to be seen in initial infections using attacks such as MalDocs and LNK files, he added.

Social engineering attacks commonly target employees at all levels of an organization. While it is true that some users can be a vulnerable link in cybersecurity, they are also your first line of defense. Upskilling your employees is important.

Breen also flagged two vulnerabilities in SharePoint Server as priorities, saying such bugs should be high on the list for anyone using SharePoint internally.

This vulnerability could affect organizations that use SharePoint for internal wikis or document stores. Attackers could exploit it to steal sensitive information and use it in ransomware attacks, replace documents with newer versions containing malicious code, or create macros to affect other systems.

Of course, a 2022 Patch Tuesday update wouldn’t be a 2022 Patch Tuesday update without a fix for a Windows Print Spooler vulnerability. This month’s, CVE-2022-44678, gives the attacker SYSTEM privileges, but only locally.

Attackers have been targeting Windows Print Manager since PrintNightmare was published over a year ago, said Mike Walters, vice president of vulnerability and threat research at Action1.

Since then, I’ve encountered this type of vulnerability almost every month, and this flood of patches may well continue after CVE-2022-44678.

Windows Print Manager clearly has many flaws, and IT teams should take the risks from the Print Spooler vulnerability seriously. So if you don’t use it, disable it even if you have all the latest patches installed. Attackers will keep digging this rabbit hole over and over again, he said.
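The advice above (disable the spooler where it is not needed, even on fully patched hosts) is easy to act on. The following PowerShell script is an added example, not code from the article or from Action1; it assumes an elevated session on Windows 8 / Server 2012 or later, where the `Get-Printer` cmdlet and the `StartType` property of `Get-Service` are available. Without the `-Disable` switch it only reports, and it refuses to disable the service on a host that shares printers, since that host is acting as a print server.

```powershell
# Added example (not from the article): audit the Print Spooler service and, on hosts
# that do not need printing, stop and disable it. Run in an elevated PowerShell session.
param(
    [switch]$Disable   # without this switch the script only reports
)

$svc = Get-Service -Name Spooler -ErrorAction Stop

# Shared printers mean this host is a print server; the spooler must stay on there.
# Get-Printer comes from the PrintManagement module (Windows 8 / Server 2012 and later).
$shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Shared })

[pscustomobject]@{
    Service        = $svc.Name
    Status         = $svc.Status
    StartType      = $svc.StartType
    SharedPrinters = $shared.Count
} | Format-List

if (-not $Disable) {
    Write-Output 'Report only. Re-run with -Disable to stop and disable the spooler.'
    return
}

if ($shared.Count -gt 0) {
    Write-Warning "Host shares $($shared.Count) printer(s); refusing to disable the spooler."
    return
}

if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name Spooler -Force
}
# Disabled (not Manual) so that nothing can start the service back up on demand.
Set-Service -Name Spooler -StartupType Disabled
Write-Output 'Print Spooler stopped and set to Disabled.'
```

For a fleet, the same two actions are usually pushed through Group Policy or a configuration management tool rather than run by hand; the script is useful for confirming, per host, that the policy actually took effect and that no shared printers were silently taken offline.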

