December Patch Tuesday Updates
Microsoft releases 52 fixes this month including 6 Critical, one Public Aware and one Weaponised Threat.
Of these, 6 are rated Critical, 43 are rated Important and the remaining 3 are rated Moderate. Microsoft Windows and Windows Components, MS Azure, Office Components, Sysinternals, Microsoft Edge, SharePoint Server and .NET Framework have all received fixes this month.
Robert Brown, Head of Customer Success for Syxsense said, “We are ending the year with the smallest release of fixes of the year, which could be well for companies which have a change freeze during the December period, however I would urge all IT Departments to deploy the recommendations below as they pose a serious risk to your network if left unresolved.”
Syxsense Recommendations
Based on the Vendor Severity and CVSS Score, we have made a few recommendations below. As usual, we recommend that our customers enter the CVE numbers below into their Patch Management solution and deploy as soon as possible.
CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability
An attacker can craft a malicious file that evades Mark of the Web (MOTW) defences, resulting in a limited loss of integrity and availability of security features that rely on MOTW tagging, such as Protected View in Microsoft Office. This is the second time in as many months that this vulnerability has seen a fix, and because almost every Windows operating system is vulnerable, you may need to deploy this to your entire enterprise even if you are observing a change freeze.
Note: The vulnerability is Weaponised
Syxscore
- Vendor Severity: Important
- CVSS: 5.4
- Weaponised: Yes
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: Low
- Privileges: None
- User Interaction: Required
- Scope (Jump Point): Unchanged / No
CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Microsoft has released very few details for this Elevation of Privilege (EoP) vulnerability; however, we do know that it requires an attacker to win a race condition on Windows 11. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. The vulnerability also has a Jump Point, meaning the attacker is able to break out of the vulnerable component and into another area of the operating system. Since there are no known countermeasures, the only option is to deploy this patch.
Note: The vulnerability is publicly known (Public Aware).
Syxscore
- Vendor Severity: Important
- CVSS: 7.8
- Weaponised: No
- Public Aware: Yes
- Countermeasure: No
Syxscore Risk
- Attack Vector: Local
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Changed / Yes
CVE-2022-41076 PowerShell Remote Code Execution Vulnerability
An authenticated attacker could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. Although the attack complexity is High, this only means that the vulnerability cannot be exploited directly and requires additional actions on the target environment. This should not reduce its severity, because we know several other vulnerabilities can provide a platform for more sophisticated attacks. Microsoft is also advising that this vulnerability is more likely to be exploited, although at present there are no indicators that it has been.
Note: The vulnerability has a Jump Point
Syxscore
- Vendor Severity: Critical
- CVSS: 8.5
- Weaponised: No
- Public Aware: No
- Countermeasure: No
Syxscore Risk
- Attack Vector: Network
- Attack Complexity: High
- Privileges: Low
- User Interaction: None
- Scope (Jump Point): Changed / Yes
Syxsense Cortex Workflows are being set up to remediate all of December’s patches with the click of a button.