Another Microsoft Patch Tuesday has rolled out, fixing a total of 49 vulnerabilities. In terms of severity and impact, six of these vulnerabilities are rated critical, 40 important, and the rest moderate.
Microsoft December 2022 Patch Tuesday: Affected Products
So, what products have been affected by these 49 vulnerabilities? Microsoft has provided a list, including the following products, features and roles across the company’s portfolio:
.NET Framework
Azure
Client Server Run-time Subsystem (CSRSS)
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office OneNote
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Windows Codecs Library
Role: Windows Hyper-V
SysInternals
Windows Certificates
Windows Contacts
Windows DirectX
Windows Error Reporting
Windows Fax Compose Form
Windows HTTP Print Provider
Windows Kernel
Windows PowerShell
Windows Print Spooler Components
Windows Projected File System
Windows Secure Socket Tunneling Protocol (SSTP)
Windows SmartScreen
Windows Subsystem for Linux
Windows Terminal
Of the fixed security flaws, two are zero-days: one is actively exploited and the other publicly disclosed. By type, the vulnerabilities cover elevation of privilege, security feature bypass, remote code execution, information disclosure, denial of service, and spoofing. In addition, earlier this month, the company fixed twenty-five vulnerabilities in its Edge browser.
Two Zero-Day Vulnerabilities Fixed: CVE-2022-44698 and CVE-2022-44710
CVE-2022-44698 is a “Windows SmartScreen Security Feature Bypass Vulnerability”, which was actively exploited in the wild. How can an attacker exploit the issue? By crafting a malicious file that evades Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features that rely on MOTW tagging (e.g. Protected View in Microsoft Office). The zero-day was exploited by creating malicious JavaScript files signed by a compromi ..