Report Name: Microsoft Patch Tuesday, December 2022
Generated: 2022-12-23 22:39:09

Product Name	Prevalence	U	C	H	M	L	Comment
Windows Kernel	0.9			1	1		Windows Kernel
.NET Framework	0.8			1			.NET Framework
DirectX Graphics Kernel	0.8				1		DirectX Graphics Kernel
Microsoft Edge	0.8		2	4	26		Web browser
Microsoft PowerShell	0.8			1			PowerShell or Microsoft PowerShell (formerly Windows PowerShell) is a task automation and configuration management program from Microsoft, consisting of a command-line shell and the associated scripting language
Microsoft Windows Sysmon	0.8				1		Windows component
Windows Bluetooth Driver	0.8				2		Windows component
Windows Client Server Run-Time Subsystem (CSRSS)	0.8				1		Windows component
Windows Contacts	0.8			1			Windows component
Windows Error Reporting	0.8				1		Windows component
Windows Graphics Component	0.8				6		Windows component
Windows Media	0.8			2			Windows component
Windows Print Spooler	0.8				2		Windows component
Windows Projected File System	0.8				1		Windows component
Windows Secure Socket Tunneling Protocol (SSTP)	0.8			2			Windows component
Windows SmartScreen	0.8		1				Windows component
Windows Subsystem for Linux (WSL2) Kernel	0.8				1		Windows component
Windows Terminal	0.8			1			Windows component
Microsoft SharePoint	0.7			2			Microsoft SharePoint
Raw Image Extension	0.7			1			Raw Image Extension
Windows Fax Compose Form	0.7				1		Windows component
Microsoft Office	0.6			1			Microsoft Office
Microsoft Office Graphics	0.6			7			Microsoft Office Graphics
Microsoft Office Visio	0.6			3			Microsoft Visio
Microsoft Outlook	0.6				1		MS Office product
Windows Hyper-V	0.6				2		Hardware virtualization component of the client editions of Windows NT
Azure Network Watcher Agent	0.5			1			Azure Network Watcher Agent
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises)	0.5			1			Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises)
Outlook for Android	0.5				1		Outlook for Android

Vulnerability Type	Criticality	U	C	H	M	L	Comment
Remote Code Execution	1.0			23			Remote Code Execution
Security Feature Bypass	0.9		1	4	6		Security Feature Bypass
Denial of Service	0.7			1	1		Denial of Service
Memory Corruption	0.6		2	1	15		Memory Corruption
Elevation of Privilege	0.5				19		Elevation of Privilege
Information Disclosure	0.4				3		Information Disclosure
Spoofing	0.4				2		Spoofing
Unknown Vulnerability Type	0				2		Unknown Vulnerability Type

Urgent (0)

Critical (3)

1. Security Feature Bypass - Windows SmartScreen (CVE-2022-44698) - Critical [782]

Description: Windows SmartScreen Security Feature Bypass Vulnerability.

qualys: CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability  This vulnerability has a CVSSv3.1 score of 5.4/10.  This vulnerability is rated as Moderate, and it appears to be related to Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41091) from last month. Simply, a specially crafted file could be constructed to bypass the Mark of the Web (MOTW) defenses mechanism. It removes the MOTW feature from the file or makes it so that the MOTW isn’t recognized by the security features that Microsoft provides and lets you open files without warnings. This will result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. With the significant number of phishing attacks every day depending on users opening malicious files/attachments, these types of protection act as essential means to prevent attacks. Patching this vulnerability is highly recommended. Exploitability Assessment: Exploitation Detected 

qualys: CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability  This vulnerability has a CVSSv3.1 score of 7.5/10.  This security bug is rated as important and a spoofing vulnerability, which we want to emphasize since it relates to email clients. This vulnerability could allow an attacker to appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user. If we mix this bug along with above mention Windows SmartScreen Security Feature Bypass (CVE-2022-44698), it will be very destructive. Users could get emails that look like they are coming from trusted users with malicious attachments, and not many users wouldn’t open them. Exploitability Assessment: Exploitation Less Likely  

tenable: Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).

tenable: CVE-2022-44698 is a security feature bypass vulnerability in the Windows operating system. This is a mark of the web (MoTW) vulnerability similar to those patched in the November 2022 Patch Tuesday release. All of these MoTW vulnerabilities prevent specially crafted downloads from being marked as being from the web, which affects the integrity and availability of security features that utilize MoTW tagging. This vulnerability was disclosed by Will Dormann.

rapid7: There are two zero-days in the mix today. CVE-2022-44698 is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web” despite being downloaded from untrusted sites. This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros. Publicly disclosed, but not seen actively exploited, is CVE-2022-44710. It’s a classic elevation of privilege vulnerability affecting the DirectX graphics kernel on Windows 11 22H2 systems.

2. Memory Corruption - Microsoft Edge (CVE-2022-4135) - Critical [651]

Description: Chromium: CVE-2022-4135 Heap buffer overflow in GPU. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2022-4135 exists in the wild.

MS PT Extended: CVE-2022-4135 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

3. Memory Corruption - Microsoft Edge (CVE-2022-4262) - Critical [637]

Description: Chromium: CVE-2022-4262 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware that an exploit for CVE-2022-4262 exists in the wild.

MS PT Extended: CVE-2022-4262 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

High (29)

4. Security Feature Bypass - Azure Network Watcher Agent (CVE-2022-44699) - High [495]

Description: Azure Network Watcher Agent Security Feature Bypass Vulnerability.

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

5. Remote Code Execution - .NET Framework (CVE-2022-41089) - High [462]

Description: .NET Framework Remote Code Execution Vulnerability.

qualys: CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.8/10.  This security update handles a security flaw where restricted mode is triggered for the parsing of XPS files. The XPS documents utilize structural or semantic elements like table structure, storyboards, or hyperlinks. This vulnerability may cause it to not display correctly in WPF-based readers, preventing gadget chains which could allow remote code execution on an affected system.  There is also a workaround regarding this issue.   Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation less likely

tenable: CVE-2022-41089 is an unauthenticated RCE vulnerability in Microsoft.NET framework with a CVSSv3 score of 8.8 and low attack complexity. However, successful exploitation requires user interaction, making exploitation less likely. Discovery is credited to Nick Landers with NetSPI and Eleftherios Panos with Nettitude.

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

6. Remote Code Execution - Microsoft PowerShell (CVE-2022-41076) - High [462]

Description: PowerShell Remote Code Execution Vulnerability.

qualys: CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.5/10.  This critical vulnerability affects PowerShell where any authenticate user, regardless of its privilege could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. It is worth mentioning that, typically after the initial breach, attackers use the tools available on the system to keep the preserve or advance around a network, and PowerShell is one of the more capable tools they can find. We highly recommend testing and patching this bug. Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation More Likely 

tenable: CVE-2022-41076 is a RCE vulnerability in Windows Powershell that received a CVSSv3 score of 8.5 and was rated as "Exploitation more likely" according to Microsoft's Exploitability Index. Exploitation of this flaw requires that an authenticated attacker first prepare the target. While the advisory does not detail what actions must be taken, it does note that any authenticated attacker can exploit this vulnerability and no elevated privileges are required. Successful exploitation would allow an attacker to run arbitrary commands on an affected system.

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

7. Remote Code Execution - Windows Contacts (CVE-2022-44666) - High [462]

Description: Windows Contacts Remote Code Execution Vulnerability.

8. Remote Code Execution - Windows Media (CVE-2022-44667) - High [462]

Description: Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44668.

9. Remote Code Execution - Windows Media (CVE-2022-44668) - High [462]

Description: Windows Media Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44667.

10. Remote Code Execution - Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-44670) - High [462]

Description: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44676.

qualys: CVE-2022-44670 and CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.1/10.  This critical vulnerability affects Windows Secure Socket Tunneling Protocol (SSTP), and according to Microsoft, an attacker would need to win a race condition to successfully exploit these bugs. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. If you do not have this service, we recommend disabling it. Otherwise, test and deploy these patches immediately. Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation Unlikely  

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

11. Remote Code Execution - Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-44676) - High [462]

Description: Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44670.

qualys: CVE-2022-44670 and CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.1/10.  This critical vulnerability affects Windows Secure Socket Tunneling Protocol (SSTP), and according to Microsoft, an attacker would need to win a race condition to successfully exploit these bugs. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. If you do not have this service, we recommend disabling it. Otherwise, test and deploy these patches immediately. Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation Unlikely  

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

12. Remote Code Execution - Windows Terminal (CVE-2022-44702) - High [462]

Description: Windows Terminal Remote Code Execution Vulnerability.

13. Remote Code Execution - Microsoft SharePoint (CVE-2022-44690) - High [456]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44693.

qualys: CVE-2022-44690 and CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.8/10.  This critical vulnerability affects Microsoft SharePoint Server, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. These two vulnerabilities affect the following version of Microsoft SharePoint:  Microsoft SharePoint Enterprise Server 2013 Service Pack 1 and 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition  Note: The customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.  Potential Impact is HIGH for Confidentiality, Integrity, and Availability.  A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.  Exploitability Assessment: Exploitation Less Likely 

tenable: CVE-2022-44690 and CVE-2022-44693 are RCE vulnerabilities in Microsoft SharePoint Server that both received a CVSSv3 score of 8.8. An authenticated attacker with permission to use Manage Lists in SharePoint could exploit these vulnerabilities to execute code remotely. Both vulnerabilities are rated as “Exploitation Less Likely.”

14. Remote Code Execution - Microsoft SharePoint (CVE-2022-44693) - High [456]

Description: Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44690.

qualys: CVE-2022-44690 and CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.8/10.  This critical vulnerability affects Microsoft SharePoint Server, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. These two vulnerabilities affect the following version of Microsoft SharePoint:  Microsoft SharePoint Enterprise Server 2013 Service Pack 1 and 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition  Note: The customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.  Potential Impact is HIGH for Confidentiality, Integrity, and Availability.  A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.  Exploitability Assessment: Exploitation Less Likely 

tenable: CVE-2022-44690 and CVE-2022-44693 are RCE vulnerabilities in Microsoft SharePoint Server that both received a CVSSv3 score of 8.8. An authenticated attacker with permission to use Manage Lists in SharePoint could exploit these vulnerabilities to execute code remotely. Both vulnerabilities are rated as “Exploitation Less Likely.”

15. Security Feature Bypass - Microsoft Edge (CVE-2022-4190) - High [455]

Description: Chromium: CVE-2022-4190 Insufficient data validation in Directory. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4190 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

16. Security Feature Bypass - Microsoft Edge (CVE-2022-4193) - High [455]

Description: Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4193 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

17. Remote Code Execution - Raw Image Extension (CVE-2022-44687) - High [443]

Description: Raw Image Extension Remote Code Execution Vulnerability.

18. Security Feature Bypass - Microsoft Edge (CVE-2022-4187) - High [428]

Description: Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4187 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

19. Remote Code Execution - Microsoft Office (CVE-2022-44691) - High [424]

Description: Microsoft Office OneNote Remote Code Execution Vulnerability.

20. Remote Code Execution - Microsoft Office Graphics (CVE-2022-26804) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.

21. Remote Code Execution - Microsoft Office Graphics (CVE-2022-26805) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.

22. Remote Code Execution - Microsoft Office Graphics (CVE-2022-26806) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.

23. Remote Code Execution - Microsoft Office Graphics (CVE-2022-44692) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213.

24. Remote Code Execution - Microsoft Office Graphics (CVE-2022-47211) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47212, CVE-2022-47213.

25. Remote Code Execution - Microsoft Office Graphics (CVE-2022-47212) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47213.

26. Remote Code Execution - Microsoft Office Graphics (CVE-2022-47213) - High [424]

Description: Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212.

27. Remote Code Execution - Microsoft Office Visio (CVE-2022-44694) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44695, CVE-2022-44696.

28. Remote Code Execution - Microsoft Office Visio (CVE-2022-44695) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44696.

29. Remote Code Execution - Microsoft Office Visio (CVE-2022-44696) - High [424]

Description: Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695.

30. Memory Corruption - Microsoft Edge (CVE-2022-3890) - High [408]

Description: Chromium: CVE-2022-3890 Heap buffer overflow in Crashpad. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3890 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

31. Denial of Service - Windows Kernel (CVE-2022-44707) - High [406]

Description: Windows Kernel Denial of Service Vulnerability.

32. Remote Code Execution - Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) (CVE-2022-41127) - High [405]

Description: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability.

qualys: CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.5/10.  This critical vulnerability affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On-Premises). This security flaw that could lead to a scope change allows an authenticated attacker to execute code on the host server (underlying operating system) in the context of the service account Dynamics configured to use. Since the Dynamics NAV opened the port, this could be used to connect with the Windows Communication Foundation (WCF) TCP protocol. As an authenticated user, the attacker could try to trigger malicious code in the context of the server’s account through a network call. Note that any guest-to-host escape should be taken very seriously.  Potential Impact is HIGH for Confidentiality, Integrity, and Availability.  A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.  Exploitability Assessment: Exploitation Less Likely  

Medium (48)

33. Memory Corruption - Microsoft Edge (CVE-2022-3885) - Medium [394]

Description: Chromium: CVE-2022-3885 Use after free in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3885 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

34. Memory Corruption - Microsoft Edge (CVE-2022-3886) - Medium [394]

Description: Chromium: CVE-2022-3886 Use after free in Speech Recognition. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3886 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

35. Memory Corruption - Microsoft Edge (CVE-2022-3887) - Medium [394]

Description: Chromium: CVE-2022-3887 Use after free in Web Workers. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3887 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

36. Memory Corruption - Microsoft Edge (CVE-2022-3888) - Medium [394]

Description: Chromium: CVE-2022-3888 Use after free in WebCodecs. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3888 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

37. Memory Corruption - Microsoft Edge (CVE-2022-3889) - Medium [394]

Description: Chromium: CVE-2022-3889 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-3889 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

38. Memory Corruption - Microsoft Edge (CVE-2022-4174) - Medium [394]

Description: Chromium: CVE-2022-4174 Type Confusion in V8. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4174 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

39. Memory Corruption - Microsoft Edge (CVE-2022-4175) - Medium [394]

Description: Chromium: CVE-2022-4175 Use after free in Camera Capture. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4175 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

40. Memory Corruption - Microsoft Edge (CVE-2022-4177) - Medium [394]

Description: Chromium: CVE-2022-4177 Use after free in Extensions. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4177 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

41. Memory Corruption - Microsoft Edge (CVE-2022-4178) - Medium [394]

Description: Chromium: CVE-2022-4178 Use after free in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4178 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

42. Memory Corruption - Microsoft Edge (CVE-2022-4179) - Medium [394]

Description: Chromium: CVE-2022-4179 Use after free in Audio. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4179 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

43. Memory Corruption - Microsoft Edge (CVE-2022-4180) - Medium [394]

Description: Chromium: CVE-2022-4180 Use after free in Mojo. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4180 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

44. Memory Corruption - Microsoft Edge (CVE-2022-4181) - Medium [394]

Description: Chromium: CVE-2022-4181 Use after free in Forms. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4181 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

45. Memory Corruption - Microsoft Edge (CVE-2022-4191) - Medium [394]

Description: Chromium: CVE-2022-4191 Use after free in Sign-In. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4191 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

46. Memory Corruption - Microsoft Edge (CVE-2022-4192) - Medium [394]

Description: Chromium: CVE-2022-4192 Use after free in Live Caption. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4192 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

47. Memory Corruption - Microsoft Edge (CVE-2022-4194) - Medium [394]

Description: Chromium: CVE-2022-4194 Use after free in Accessibility. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4194 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

48. Security Feature Bypass - Microsoft Edge (CVE-2022-4183) - Medium [387]

Description: Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4183 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

49. Security Feature Bypass - Microsoft Edge (CVE-2022-4184) - Medium [387]

Description: Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4184 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

50. Security Feature Bypass - Microsoft Edge (CVE-2022-4186) - Medium [387]

Description: Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4186 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

51. Security Feature Bypass - Microsoft Edge (CVE-2022-4188) - Medium [387]

Description: Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4188 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

52. Security Feature Bypass - Microsoft Edge (CVE-2022-4189) - Medium [387]

Description: Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4189 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

53. Security Feature Bypass - Microsoft Edge (CVE-2022-4195) - Medium [387]

Description: Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

MS PT Extended: CVE-2022-4195 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

54. Elevation of Privilege - Windows Kernel (CVE-2022-44683) - Medium [379]

Description: Windows Kernel Elevation of Privilege Vulnerability.

55. Elevation of Privilege - DirectX Graphics Kernel (CVE-2022-44710) - Medium [360]

Description: DirectX Graphics Kernel Elevation of Privilege Vulnerability.

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

tenable: Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).

rapid7: There are two zero-days in the mix today. CVE-2022-44698 is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web” despite being downloaded from untrusted sites. This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros. Publicly disclosed, but not seen actively exploited, is CVE-2022-44710. It’s a classic elevation of privilege vulnerability affecting the DirectX graphics kernel on Windows 11 22H2 systems.

56. Elevation of Privilege - Microsoft Edge (CVE-2022-44708) - Medium [360]

Description: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.

MS PT Extended: CVE-2022-44708 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

57. Elevation of Privilege - Microsoft Windows Sysmon (CVE-2022-44704) - Medium [360]

Description: Microsoft Windows Sysmon Elevation of Privilege Vulnerability.

58. Elevation of Privilege - Windows Bluetooth Driver (CVE-2022-44675) - Medium [360]

Description: Windows Bluetooth Driver Elevation of Privilege Vulnerability.

59. Elevation of Privilege - Windows Graphics Component (CVE-2022-41121) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44671, CVE-2022-44680, CVE-2022-44697.

60. Elevation of Privilege - Windows Graphics Component (CVE-2022-44671) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44680, CVE-2022-44697.

61. Elevation of Privilege - Windows Graphics Component (CVE-2022-44680) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44697.

62. Elevation of Privilege - Windows Graphics Component (CVE-2022-44697) - Medium [360]

Description: Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680.

63. Elevation of Privilege - Windows Print Spooler (CVE-2022-44678) - Medium [360]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44681.

tenable: CVE-2022-44678 and CVE-2022-44681 are EoP vulnerabilities in Windows Print Spooler components. As with their many predecessors, these vulnerabilities received a CVSSv3 score of 7.8. However, despite the similarities, Microsoft rated these as “Exploitation Less Likely” and “Exploitation Unlikely” respectively. Discovery is credited to researchers at the Qi'anxin Group.

64. Elevation of Privilege - Windows Print Spooler (CVE-2022-44681) - Medium [360]

Description: Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-44678.

tenable: CVE-2022-44678 and CVE-2022-44681 are EoP vulnerabilities in Windows Print Spooler components. As with their many predecessors, these vulnerabilities received a CVSSv3 score of 7.8. However, despite the similarities, Microsoft rated these as “Exploitation Less Likely” and “Exploitation Unlikely” respectively. Discovery is credited to researchers at the Qi'anxin Group.

65. Elevation of Privilege - Windows Projected File System (CVE-2022-44677) - Medium [360]

Description: Windows Projected File System Elevation of Privilege Vulnerability.

66. Elevation of Privilege - Windows Subsystem for Linux (WSL2) Kernel (CVE-2022-44689) - Medium [360]

Description: Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability.

67. Denial of Service - Windows Hyper-V (CVE-2022-44682) - Medium [350]

Description: Windows Hyper-V Denial of Service Vulnerability.

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

68. Elevation of Privilege - Microsoft Edge (CVE-2022-41115) - Medium [347]

Description: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability.

MS PT Extended: CVE-2022-41115 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

69. Elevation of Privilege - Windows Client Server Run-Time Subsystem (CSRSS) (CVE-2022-44673) - Medium [347]

Description: Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability.

70. Elevation of Privilege - Windows Error Reporting (CVE-2022-44669) - Medium [347]

Description: Windows Error Reporting Elevation of Privilege Vulnerability.

71. Elevation of Privilege - Windows Fax Compose Form (CVE-2022-41077) - Medium [341]

Description: Windows Fax Compose Form Elevation of Privilege Vulnerability.

qualys: CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Script

qualys: Stop-Service -Name Fax -Force | Out-Null Set-Service -Name Fax -StartupType Disabled | Out-Null Write-Host "Fax service has been stopped and disabled as part of workaround implementation. CVE-2022-41077 has been mitigated,"

qualys: CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Policy Compliance Control IDs (CIDs): 1161 Status of the ‘Fax’ service 14916 Status of Windows Services

72. Information Disclosure - Windows Graphics Component (CVE-2022-44679) - Medium [327]

Description: Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-41074.

73. Elevation of Privilege - Windows Hyper-V (CVE-2022-41094) - Medium [322]

Description: Windows Hyper-V Elevation of Privilege Vulnerability.

74. Information Disclosure - Windows Bluetooth Driver (CVE-2022-44674) - Medium [313]

Description: Windows Bluetooth Driver Information Disclosure Vulnerability.

75. Information Disclosure - Windows Graphics Component (CVE-2022-41074) - Medium [313]

Description: Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-44679.

76. Spoofing - Microsoft Outlook (CVE-2022-44713) - Medium [302]

Description: Microsoft Outlook for Mac Spoofing Vulnerability.

qualys: CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability  This vulnerability has a CVSSv3.1 score of 7.5/10.  This security bug is rated as important and a spoofing vulnerability, which we want to emphasize since it relates to email clients. This vulnerability could allow an attacker to appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user. If we mix this bug along with above mention Windows SmartScreen Security Feature Bypass (CVE-2022-44698), it will be very destructive. Users could get emails that look like they are coming from trusted users with malicious attachments, and not many users wouldn’t open them. Exploitability Assessment: Exploitation Less Likely  

77. Spoofing - Microsoft Edge (CVE-2022-44688) - Medium [286]

Description: Microsoft Edge (Chromium-based) Spoofing Vulnerability.

MS PT Extended: CVE-2022-44688 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

78. Elevation of Privilege - Outlook for Android (CVE-2022-24480) - Medium [277]

Description: Outlook for Android Elevation of Privilege Vulnerability.

79. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-4182) - Medium [205]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-4182 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

80. Unknown Vulnerability Type - Microsoft Edge (CVE-2022-4185) - Medium [205]

Description: {'ms_cve_data_all': 'Chromium: CVE-2022-4185 Inappropriate implementation in Navigation. This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.\n', 'nvd_cve_data_all': '', 'attackerkb_cve_data_all': '', 'vulners_cve_data_all': 'Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium)', 'combined_cve_data_all': ''}

MS PT Extended: CVE-2022-4185 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

Low (0)

Exploitation in the wild detected (3)

Security Feature Bypass (1)

• Windows SmartScreen (CVE-2022-44698)

qualys: CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability  This vulnerability has a CVSSv3.1 score of 5.4/10.  This vulnerability is rated as Moderate, and it appears to be related to Windows Mark of the Web Security Feature Bypass Vulnerability (CVE-2022-41091) from last month. Simply, a specially crafted file could be constructed to bypass the Mark of the Web (MOTW) defenses mechanism. It removes the MOTW feature from the file or makes it so that the MOTW isn’t recognized by the security features that Microsoft provides and lets you open files without warnings. This will result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. With the significant number of phishing attacks every day depending on users opening malicious files/attachments, these types of protection act as essential means to prevent attacks. Patching this vulnerability is highly recommended. Exploitability Assessment: Exploitation Detected 

qualys: CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability  This vulnerability has a CVSSv3.1 score of 7.5/10.  This security bug is rated as important and a spoofing vulnerability, which we want to emphasize since it relates to email clients. This vulnerability could allow an attacker to appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user. If we mix this bug along with above mention Windows SmartScreen Security Feature Bypass (CVE-2022-44698), it will be very destructive. Users could get emails that look like they are coming from trusted users with malicious attachments, and not many users wouldn’t open them. Exploitability Assessment: Exploitation Less Likely  

tenable: Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).

tenable: CVE-2022-44698 is a security feature bypass vulnerability in the Windows operating system. This is a mark of the web (MoTW) vulnerability similar to those patched in the November 2022 Patch Tuesday release. All of these MoTW vulnerabilities prevent specially crafted downloads from being marked as being from the web, which affects the integrity and availability of security features that utilize MoTW tagging. This vulnerability was disclosed by Will Dormann.

rapid7: There are two zero-days in the mix today. CVE-2022-44698 is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web” despite being downloaded from untrusted sites. This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros. Publicly disclosed, but not seen actively exploited, is CVE-2022-44710. It’s a classic elevation of privilege vulnerability affecting the DirectX graphics kernel on Windows 11 22H2 systems.

Memory Corruption (2)

• Microsoft Edge (CVE-2022-4135, CVE-2022-4262)

MS PT Extended: CVE-2022-4135 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4262 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

Public exploit exists, but exploitation in the wild is NOT detected (0)

Other Vulnerabilities (77)

Security Feature Bypass (10)

• Azure Network Watcher Agent (CVE-2022-44699)

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

• Microsoft Edge (CVE-2022-4183, CVE-2022-4184, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4193, CVE-2022-4195)

MS PT Extended: CVE-2022-4195 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4184 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4193 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4190 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4183 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4187 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4189 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4186 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4188 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

Remote Code Execution (23)

• .NET Framework (CVE-2022-41089)

qualys: CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.8/10.  This security update handles a security flaw where restricted mode is triggered for the parsing of XPS files. The XPS documents utilize structural or semantic elements like table structure, storyboards, or hyperlinks. This vulnerability may cause it to not display correctly in WPF-based readers, preventing gadget chains which could allow remote code execution on an affected system.  There is also a workaround regarding this issue.   Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation less likely

tenable: CVE-2022-41089 is an unauthenticated RCE vulnerability in Microsoft.NET framework with a CVSSv3 score of 8.8 and low attack complexity. However, successful exploitation requires user interaction, making exploitation less likely. Discovery is credited to Nick Landers with NetSPI and Eleftherios Panos with Nettitude.

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

• Microsoft PowerShell (CVE-2022-41076)

qualys: CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.5/10.  This critical vulnerability affects PowerShell where any authenticate user, regardless of its privilege could escape the PowerShell Remoting Session Configuration and run unapproved commands on the target system. It is worth mentioning that, typically after the initial breach, attackers use the tools available on the system to keep the preserve or advance around a network, and PowerShell is one of the more capable tools they can find. We highly recommend testing and patching this bug. Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation More Likely 

tenable: CVE-2022-41076 is a RCE vulnerability in Windows Powershell that received a CVSSv3 score of 8.5 and was rated as "Exploitation more likely" according to Microsoft's Exploitability Index. Exploitation of this flaw requires that an authenticated attacker first prepare the target. While the advisory does not detail what actions must be taken, it does note that any authenticated attacker can exploit this vulnerability and no elevated privileges are required. Successful exploitation would allow an attacker to run arbitrary commands on an affected system.

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

• Windows Contacts (CVE-2022-44666)
• Windows Media (CVE-2022-44667, CVE-2022-44668)
• Windows Secure Socket Tunneling Protocol (SSTP) (CVE-2022-44670, CVE-2022-44676)

qualys: CVE-2022-44670 and CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.1/10.  This critical vulnerability affects Windows Secure Socket Tunneling Protocol (SSTP), and according to Microsoft, an attacker would need to win a race condition to successfully exploit these bugs. An unauthenticated attacker could send a specially crafted connection request to a RAS server, which could lead to remote code execution (RCE) on the RAS server machine. If you do not have this service, we recommend disabling it. Otherwise, test and deploy these patches immediately. Potential Impact is HIGH for Confidentiality, Integrity, and Availability.   A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.   Exploitability Assessment: Exploitation Unlikely  

rapid7: Administrators for SharePoint and Microsoft Dynamics deployments should be aware of Critical Remote Code Execution (RCE) vulnerabilities that need to be patched. Other Critical RCEs this month affect the Windows Secure Socket Tunneling Protocol (CVE-2022-44676 and CVE-2022-44670), .NET Framework (CVE-2022-41089), and PowerShell (CVE-2022-41076).

• Windows Terminal (CVE-2022-44702)
• Microsoft SharePoint (CVE-2022-44690, CVE-2022-44693)

qualys: CVE-2022-44690 and CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.8/10.  This critical vulnerability affects Microsoft SharePoint Server, an authenticated attacker with Manage List permissions could execute code remotely on the SharePoint Server. These two vulnerabilities affect the following version of Microsoft SharePoint:  Microsoft SharePoint Enterprise Server 2013 Service Pack 1 and 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition  Note: The customers running SharePoint Server 2013 Service Pack 1 can install the cumulative update or the security update, which is the same update as for Foundation Server 2013.  Potential Impact is HIGH for Confidentiality, Integrity, and Availability.  A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.  Exploitability Assessment: Exploitation Less Likely 

tenable: CVE-2022-44690 and CVE-2022-44693 are RCE vulnerabilities in Microsoft SharePoint Server that both received a CVSSv3 score of 8.8. An authenticated attacker with permission to use Manage Lists in SharePoint could exploit these vulnerabilities to execute code remotely. Both vulnerabilities are rated as “Exploitation Less Likely.”

• Raw Image Extension (CVE-2022-44687)
• Microsoft Office (CVE-2022-44691)
• Microsoft Office Graphics (CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212, CVE-2022-47213)
• Microsoft Office Visio (CVE-2022-44694, CVE-2022-44695, CVE-2022-44696)
• Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) (CVE-2022-41127)

qualys: CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability  This vulnerability has a CVSSv3.1 score of 8.5/10.  This critical vulnerability affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On-Premises). This security flaw that could lead to a scope change allows an authenticated attacker to execute code on the host server (underlying operating system) in the context of the service account Dynamics configured to use. Since the Dynamics NAV opened the port, this could be used to connect with the Windows Communication Foundation (WCF) TCP protocol. As an authenticated user, the attacker could try to trigger malicious code in the context of the server’s account through a network call. Note that any guest-to-host escape should be taken very seriously.  Potential Impact is HIGH for Confidentiality, Integrity, and Availability.  A complete vendor solution is available. Either the vendor has issued an official patch, or an upgrade is available.  Exploitability Assessment: Exploitation Less Likely  

Memory Corruption (16)

• Microsoft Edge (CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, CVE-2022-3888, CVE-2022-3889, CVE-2022-3890, CVE-2022-4174, CVE-2022-4175, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4191, CVE-2022-4192, CVE-2022-4194)

MS PT Extended: CVE-2022-3887 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4180 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4175 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-3889 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4177 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4194 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4179 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4178 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4181 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-3890 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4174 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4192 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-3885 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-3886 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4191 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-3888 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

Denial of Service (2)

• Windows Kernel (CVE-2022-44707)
• Windows Hyper-V (CVE-2022-44682)

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

Elevation of Privilege (19)

• Windows Kernel (CVE-2022-44683)
• DirectX Graphics Kernel (CVE-2022-44710)

qualys: There are three Denial-of-Service (DOS) vulnerabilities that is patched this month. The Windows Hyper-V Denial of Service Vulnerability (CVE-2022-44682) affects the Hyper-V host’s functionality. Microsoft did not provide many details. Moreover, it is never good when a guest operating system can adversely influence the host OS. There are 18 patches addressing Elevation of Privilege (EoP) vulnerabilities, which mostly require an authenticated user to execute specifically crafted code to escalate privileges. There are a few bugs in the Print Spooler service, which is an appendage of PrintNightmare. The DirectX Graphics Kernel Elevation of Privilege Vulnerability(CVE-2022-44710) is listed as public in this month’s release. The Azure Network Watcher Agent Security Feature Bypass Vulnerability (CVE-2022-44699) is another important one this month since it could allow an attacker to end the packet capture from the Network Watcher agent, which could result in logs being missed. Any organization that uses VM extension for log collection should treat this as a critical bug. The Microsoft Edge (Chromium-based) spoofing bug is receiving a patch that allows an attacker to change the content of the autofill box. This month we have a new advisory (ADV220005) providing further recommendations on third-party drivers certified by the Microsoft Windows Hardware Developer Program. Microsoft stated that drivers that appear to be approved/certified by this program had been seen in the wild.

tenable: Microsoft addresses 48 CVEs including two zero-day vulnerabilities, one that has been exploited in the wild (CVE-2022-44698) and one that was publicly disclosed prior to a patch being available (CVE-2022-44710).

rapid7: There are two zero-days in the mix today. CVE-2022-44698 is a bypass of the Windows SmartScreen security feature, and has been seen exploited in the wild. It allows attackers to craft documents that won’t get tagged with Microsoft’s “Mark of the Web” despite being downloaded from untrusted sites. This means no Protected View for Microsoft Office documents, making it easier to get users to do sketchy things like execute malicious macros. Publicly disclosed, but not seen actively exploited, is CVE-2022-44710. It’s a classic elevation of privilege vulnerability affecting the DirectX graphics kernel on Windows 11 22H2 systems.

• Microsoft Edge (CVE-2022-41115, CVE-2022-44708)

MS PT Extended: CVE-2022-44708 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-41115 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

• Microsoft Windows Sysmon (CVE-2022-44704)
• Windows Bluetooth Driver (CVE-2022-44675)
• Windows Graphics Component (CVE-2022-41121, CVE-2022-44671, CVE-2022-44680, CVE-2022-44697)
• Windows Print Spooler (CVE-2022-44678, CVE-2022-44681)

tenable: CVE-2022-44678 and CVE-2022-44681 are EoP vulnerabilities in Windows Print Spooler components. As with their many predecessors, these vulnerabilities received a CVSSv3 score of 7.8. However, despite the similarities, Microsoft rated these as “Exploitation Less Likely” and “Exploitation Unlikely” respectively. Discovery is credited to researchers at the Qi'anxin Group.

• Windows Projected File System (CVE-2022-44677)
• Windows Subsystem for Linux (WSL2) Kernel (CVE-2022-44689)
• Windows Client Server Run-Time Subsystem (CSRSS) (CVE-2022-44673)
• Windows Error Reporting (CVE-2022-44669)
• Windows Fax Compose Form (CVE-2022-41077)

qualys: CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Script

qualys: Stop-Service -Name Fax -Force | Out-Null Set-Service -Name Fax -StartupType Disabled | Out-Null Write-Host "Fax service has been stopped and disabled as part of workaround implementation. CVE-2022-41077 has been mitigated,"

qualys: CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability This vulnerability has a CVSSv3.1 score of 7.8/10. Policy Compliance Control IDs (CIDs): 1161 Status of the ‘Fax’ service 14916 Status of Windows Services

• Windows Hyper-V (CVE-2022-41094)
• Outlook for Android (CVE-2022-24480)

Information Disclosure (3)

• Windows Graphics Component (CVE-2022-41074, CVE-2022-44679)
• Windows Bluetooth Driver (CVE-2022-44674)

Spoofing (2)

• Microsoft Outlook (CVE-2022-44713)

qualys: CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability  This vulnerability has a CVSSv3.1 score of 7.5/10.  This security bug is rated as important and a spoofing vulnerability, which we want to emphasize since it relates to email clients. This vulnerability could allow an attacker to appear as a trusted user when they should not be. This could cause a user to mistakenly trust a signed email message as if it came from a legitimate user. If we mix this bug along with above mention Windows SmartScreen Security Feature Bypass (CVE-2022-44698), it will be very destructive. Users could get emails that look like they are coming from trusted users with malicious attachments, and not many users wouldn’t open them. Exploitability Assessment: Exploitation Less Likely  

• Microsoft Edge (CVE-2022-44688)

MS PT Extended: CVE-2022-44688 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

Unknown Vulnerability Type (2)

• Microsoft Edge (CVE-2022-4182, CVE-2022-4185)

MS PT Extended: CVE-2022-4185 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12

MS PT Extended: CVE-2022-4182 was published before December 2022 Patch Tuesday from 2022-11-09 to 2022-12-12