December’s Patch Tuesday contains fixes for 44 vulnerabilities, with 7 critical, 2 publicly disclosed and 1 exploited in the wild. This Patch Tuesday is quieter than what we have seen over the past couple of months, with a big decrease in the number of vulnerabilities.
Being the only known vulnerability to be exploited in the wild, this moderate vulnerability would allow an attacker can craft a malicious file that would evade Mark of the Web defences. This file would result in an error with SmartScreen causing security warnings to not be displayed to users. This was known to be used by QBot trojan and Magniber Ransomware to bypass Microsoft’s security systems.
This publicly disclosed moderate vulnerability could allow an attacker to access SYSTEM privileges by exploiting DirectX Graphics Kernel. Weak mitigation of this vulnerability is that an attacker would have to win a race condition for a successful exploit. This vulnerability only affects Windows 11 Version 22H2 for ARM64- and x64-based systems.
This critical vulnerability could allow an attacker to escape the PowerShell Remoting Session configuration and run unapproved commands. This vulnerability is complex to exploit and would require the attack to win a race condition.
For a full list of this month’s updates please see the links below:
Patch Tuesday release notes: https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
Security update guide: https://msrc.microsoft.com/update-guide/
Stuart Hare is a Technologist with a passion for helping people in all aspects of IT & Cyber Security. Stuart is the Founder of Ironshare, an Information and Cyber Security company providing consultancy and managed services.
Samuel is a Security Analyst with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
Joshua is working as a Managed Service Lead with Ironshare, an Information and Cyber Security company providing Security consultancy and managed services.
