Black Arrow Cyber Advisory 14/12/2022 – Microsoft Patch Tuesday – 48 Patches, Two Zero-Days Fixed, one under active exploitation

Executive Summary

Microsoft’s December Patch Tuesday provides 48 patches to address security issues across its product range. These include a critical patch for an actively exploited Zero-Day vulnerability that allowed bypass of Mark of the Web (MOTW) defences, and a patch for a second, publicly disclosed Zero-Day vulnerability that allowed privilege escalation through DirectX.

What’s the risk to me or my business?

Security updates are available for all supported versions of Windows. As some of these updates address vulnerabilities that are known to be actively exploited, the updates should be applied as soon as possible.

What can I do?

Apply the available updates from Microsoft as soon as possible, while taking into consideration any potential downtime that these updates may cause.

Technical Summary

The following is a breakdown of the two Zero-Day vulnerabilities which affected Microsoft products:

CVE-2022-44710: An elevation of privilege vulnerability with a CVSS rating of 7.8, which allows the user to gain System privileges.

CVE-2022-44698: A bypass vulnerability with a CVSS 3.1 rating of 5.4, which allowed an attacker to create a malicious file that would evade MOTW defences.

Further details on other specific updates within this Patch Tuesday can be found here: https://www.ghacks.net/2022/12/13/microsoft-windows-security-updates-december-2022-overview/

Need help understanding your gaps, or just want some advice? Get in touch with us.
