Microsoft Patch Tuesday – December 2022

In the last month of 2022, Microsoft published fixes for 69 vulnerabilities, 5 of which come from third-party components integrated into Microsoft products. There are patches for 2 zero-days and 6 critical vulnerabilities. December is a light month, which is typical for Microsoft. Overall, Microsoft fixed over 900 CVEs in 2022. Let’s review patches for the last time this year.

CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability

This one is most probably related to the Mark of the Web bug patched last month (CVE-2022-41091). In this case, a file could be created that evades the Mark of the Web detection and therefore bypasses security features such as Protected View in Microsoft Office. Don’t be fooled by the low rating (Moderate 5.6): this one is already being exploited with malicious JavaScript files signed with a malformed signature. It can be used in phishing attacks, so patch your clients ASAP.
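Mark of the Web is stored on NTFS as a Zone.Identifier alternate data stream holding a [ZoneTransfer] section with a ZoneId value (3 = Internet). The following is an added example, not code from the original post: a small triage helper that reports script files whose mark is missing, unparsable, or from an untrusted zone. The extension list, paths and stream contents are constructed for illustration.

```python
import configparser
from pathlib import Path, PureWindowsPath

# Assumption: script types worth reviewing; adjust to your environment.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}

def parse_zone_identifier(text):
    """Return the ZoneId from Zone.Identifier stream text, or None if unparsable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read the Zone.Identifier stream of a file (NTFS only); None if absent."""
    try:
        with open(str(path) + ":Zone.Identifier", encoding="utf-8",
                  errors="replace") as fh:
            return fh.read()
    except OSError:
        return None

def triage(entries):
    """entries: iterable of (filename, stream text or None) -> list of findings."""
    findings = []
    for name, stream in entries:
        if PureWindowsPath(name).suffix.lower() not in SCRIPT_EXTS:
            continue
        if stream is None:
            findings.append((name, "no-motw"))          # no origin mark to act on
            continue
        zone = parse_zone_identifier(stream)
        if zone is None:
            findings.append((name, "malformed-motw"))
        elif zone >= 3:                                 # 3 Internet, 4 Restricted
            findings.append((name, "untrusted-zone"))
    return findings

def scan_dir(directory):
    """Triage every file directly inside a directory on a Windows host."""
    files = [p for p in Path(directory).iterdir() if p.is_file()]
    return triage((str(p), read_motw(p)) for p in files)

# Constructed sample data (not taken from a real host).
SAMPLE = [
    (r"C:\Users\alice\Downloads\invoice.js",
     "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://files.example.test/invoice.js\r\n"),
    (r"C:\Users\alice\Downloads\report.js", None),
    (r"C:\Users\alice\Downloads\setup.vbs", "ZoneId=3\r\n"),
    (r"C:\Users\alice\Downloads\build.js", "[ZoneTransfer]\r\nZoneId=1\r\n"),
    (r"C:\Users\alice\Downloads\notes.txt", None),
]
```

Run `triage(SAMPLE)` to see the three flagged files, or `scan_dir()` against a downloads folder on a Windows host.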

CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege Vulnerability

This vulnerability is publicly disclosed. Successful exploitation requires an attacker to win a race condition, after which the attacker could gain SYSTEM privileges. Luckily, the issue affects Windows 11 22H2 only.

CVE-2022-44690, CVE-2022-44693 – Microsoft SharePoint Server Remote Code Execution Vulnerability

Here we have 2 vulnerabilities in SharePoint. Both are Critical with CVSS 8.8. In a network-based attack, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. This bug has been discovered in all supported SharePoint versions.

CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability

This bug could allow an authenticated user to escape from the PowerShell Remoting Session Configuration and run unapproved commands on a target system. As PowerShell is often abused by attackers, everybody should prioritize this fix.

CVE-2022-41127 – Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability

Successful exploitation could allow an attacker to execute code on the host server in the context of the service account Dynamics has been configured to use.

CVE-2022-44670, CVE-2022-44676 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

Successful exploitation of these vulnerabilities requires an attacker to win a race condition. An attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution on the RAS server machine.

Summary

Below you can see the most important CVEs released by Microsoft for December 2022 (zero-days, criticals, and those with a CVSS score of at least 8.0). Besides the vulnerabilities already mentioned, you can also find info about a bug in .NET.

| CVE Number | CVE Title | Severity (CVSS score) | Attack Vector | Attack Complexity | Privileges Required | User interaction | Exploit Code Maturity | Applicable for |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-22047 | Windows SmartScreen Security Feature Bypass Vulnerability | Moderate (5.4) | Network | Low | None | Required | Exploited | Windows 10+; Server 2016+ |
| CVE-2022-30221 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | Important (7.8) | Local | High | Low | None | Publicly disclosed | Windows 11 22H2 |
| CVE-2022-22038 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1; SharePoint Enterprise Server 2013 SP1; SharePoint Enterprise Server 2016; SharePoint Server 2019; SharePoint Server Subscription Edition |
| CVE-2022-22029 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical (8.8) | Network | Low | Low | None | Unproven | SharePoint Foundation 2013 SP1; SharePoint Enterprise Server 2013 SP1; SharePoint Enterprise Server 2016; SharePoint Server 2019; SharePoint Server Subscription Edition |
| CVE-2022-22039 | PowerShell Remote Code Execution Vulnerability | Critical (8.5) | Network | High | Low | None | Unproven | Windows 7+; Windows Server 2008+; PowerShell 7.2, 7.3 |
| CVE-2022-22026 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability | Critical (8.5) | Network | High | Low | None | Unproven | Microsoft Dynamics NAV 2016+; Dynamics 365 Business Central Spring 2019; Microsoft Dynamics 365 Business Central 2020+ |
| CVE-2022-30216 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+; Server 2008+ |
| CVE-2022-30222 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | Critical (8.1) | Network | High | None | None | Unproven | Windows 7+; Server 2008+ |
| CVE-2022-33674 | .NET Framework Remote Code Execution Vulnerability | Important (8.8) | Network | Low | None | Required | Unproven | .NET 6.0, 7.0; .NET Core 3.1; Visual Studio 2022 17.0, 17.2, 17.4; Visual Studio 2019 16.11-; .NET Framework 3.5 / 4.8 / 4.8.1 on Windows Server 2022 / Windows 11; .NET Framework 3.5 / 4.7.2 / 4.8 on Windows Server 2019; .NET Framework 4.8 on Windows Server 2016; .NET Framework 3.5 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2 / 4.8 on Windows Server 2012 / 2012 R2; .NET Framework 2.0 SP2 / 3.0 SP2 / 4.6.2 on Windows Server 2008; .NET Framework 3.5.1 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2 / 4.8 on Windows Server 2008 R2 / Windows 7; .NET Framework 3.5 / 4.6.2 / 4.7 / 4.7.1 / 4.7.2 / 4.8 on Windows 8.1; .NET Framework 3.5 / 4.6 / 4.6.2 / 4.7.2 / 4.8 / 4.8.1 on Windows 10 |
