December Patch Tuesday Updates
Microsoft releases 52 fixes this month including 6 Critical, one Public Aware and one Weaponised Threat.
There are 6 Rated Critical, 43 are rated Important and the remaining 3 are rated Moderate. Microsoft Windows and Windows Components, MS Azure, Office Components, Sysinternals, Microsoft Edge, SharePoint Server and .NET framework have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We are ending the year with the smallest release of fixes of the year, which could be well for companies which have a change freeze during the December period, however I would urge all IT Departments to deploy the recommendations below as they pose a serious risk to your network if left unresolved.”
Syxsense Recommendations
Based on the Vendor Severity & CVSS Score, we have made a few recommendations below. As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as possible.
CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability
An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defences, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. This is the second time in as many months where this vulnerability has seen a fix, and as this is vulnerable on almost every Windows operating system you may need to deploy this to your entire enterprise even if you have observed a change freeze.
Note: The vulnerability is Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 5.4
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are very few details released by Microsoft for this Elevation of Privilege (EoP) vulnerability however we do know this requires an attacker to win a race condition on Windows 11. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges and if they could do that, then the vulnerability has a Jump Point meaning they are able to breakout of the vulnerable component and into another area of the Operating System. Since there are no known countermeasures the only option is to deploy this patch.
Note: The vulnerability has been made Publicly aware.
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Changed / Yes
CVE-2022-41076 PowerShell Remote Code Execution Vulnerability
An authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. Although the attack complexity is High, this only means that this vulnerability cannot be exploited directly and require additional actions on the target environment however this should not reduce the severity of this, we know several other vulnerabilities can provide a platform for more sophisticated attacks. Microsoft are also advising this vulnerability is more likely to be exploited, although at present there are no indicators that it has done so.
Note: The vulnerability has a Jump Point
Syxscore
- Vendor Severity: Critical
- CVSS: 8.5
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Changed / Yes
Syxsense Cortex Workflows are being set up to remediate all of December’s patches with the click of a button.
If you would like to see how Syxsense can help you automate your patch remediation process, click to schedule a customized demo.
Microsoft’s December Patch Tuesday Fixes
| Reference | Description | Vendor Severity | CVSS Score | Publicly Aware | Weaponised | Countermeasure | Additional Details | Syxsense Recommended |
| CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate | 5.4 | No | Yes | No | An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defences, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. | Yes |
| CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important | 7.8 | Yes | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | Yes |
| This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | ||||||||
| CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes | |
| CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | No | Yes | |
| CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes | |
| CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical | 8.5 | No | No | No | This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | Yes |
| CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability | Critical | 8.5 | No | No | No | Exploitation More Likely. Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges. | Yes |
| This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | ||||||||
| CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 8.3 | No | No | No | This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | Yes |
| CVE-2022-44670 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | ||
| CVE-2022-44676 | Windows Secure Socket Tunnelling Protocol (SSTP) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | ||
| CVE-2022-26804 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-26805 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-26806 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44692 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-47211 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-47212 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-47213 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44694 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44695 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44696 | Microsoft Office Visio Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44704 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely | |
| CVE-2022-44687 | Raw Image Extension Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44675 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely | |
| CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-41121 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain specific limited SYSTEM privileges. | |
| CVE-2022-44671 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | Exploitation More Likely | |
| CVE-2022-44680 | Windows Graphics Component Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-41094 | Windows Hyper-V Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44683 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44667 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44668 | Windows Media Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44678 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44681 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44677 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | ||
| CVE-2022-44697 | Windows Graphics Component Elevation of Privilege Vulnerability | Moderate | 7.8 | No | No | No | ||
| CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability | Important | 7.5 | No | No | No | ||
| CVE-2022-44673 | Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability | Important | 7 | No | No | No | An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. | |
| CVE-2022-44669 | Windows Error Reporting Elevation of Privilege Vulnerability | Important | 7 | No | No | No | ||
| CVE-2022-44682 | Windows Hyper-V Denial of Service Vulnerability | Important | 6.8 | No | No | No | This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | |
| CVE-2022-41115 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | Important | 6.6 | No | No | No | ||
| CVE-2022-44679 | Windows Graphics Component Information Disclosure Vulnerability | Important | 6.5 | No | No | No | This vulnerability has a Jump Point meaning it is able to breakout of the vulnerable component. | |
| CVE-2022-44707 | Windows Kernel Denial of Service Vulnerability | Important | 6.5 | No | No | No | ||
| CVE-2022-44684 | Windows Local Session Manager (LSM) Denial of Service Vulnerability | Important | 6.5 | No | No | No | ||
| CVE-2022-24480 | Outlook for Android Elevation of Privilege Vulnerability | Important | 6.3 | No | No | No | ||
| CVE-2022-44674 | Windows Bluetooth Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | ||
| CVE-2022-41074 | Windows Graphics Component Information Disclosure Vulnerability | Important | 5.5 | No | No | No | Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. | |
| CVE-2022-44699 | Azure Network Watcher Agent Security Feature Bypass Vulnerability | Important | 4.4 | No | No | No | ||
| CVE-2022-44688 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Moderate | 4.3 | No | No | No |