Black Arrow Cyber Advisory 14/12/2022 – Microsoft Patch Tuesday – 48 Patches, Two Zero-Days Fixed, One Under Active Exploitation
Executive Summary
Microsoft’s December Patch Tuesday provides 48 patches to address security issues across its product range. These include a critical patch for an actively exploited Zero-Day vulnerability that allowed bypass of Mark of the Web (MOTW) defences, and a patch for a second, publicly disclosed Zero-Day: a privilege escalation vulnerability in DirectX.
What’s the risk to me or my business?
Security updates are available for all supported versions of Windows. As some of these updates address vulnerabilities that are known to be actively exploited, the updates should be applied as soon as possible.
What can I do?
Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.
Technical Summary
The following is a breakdown of the two Zero-Day vulnerabilities which affected Microsoft products:
CVE-2022-44710: An elevation of privilege vulnerability with a CVSS rating of 7.8, which allows the user to gain System privileges.
CVE-2022-44698: A bypass vulnerability with a CVSS 3.1 rating of 5.4, which allowed an attacker to create a malicious file that would evade MOTW defences.
Further details on other specific updates within this Patch Tuesday can be found here: https://www.ghacks.net/2022/12/13/microsoft-windows-security-updates-december-2022-overview/