Tuesday, February 7, 2023

Microsoft addresses two zero days in December Patch Tuesday

Microsoft’s Patch Tuesday for December contained fixes for 48 vulnerabilities, including two zero days and seven critical bugs.

The two addressed zero-day vulnerabilities are CVE-2022-44698 and CVE-2022-44710. CVE-2022-44698, first disclosed on Tuesday, affects the Windows SmartScreen anti-phishing and anti-malware tool and has been exploited in the wild.

The flaw, which has a CVSS 3.1 base score of 5.4, allows an attacker to create a malicious directory that can bypass the Mark of the Web (MOTW) file protection feature and can cause “limited loss of integrity and availability of security features such as Protected View in Microsoft Office,” according to Microsoft. Windows’ MOTW feature flags files and documents from untrusted sources.

Chris Goettl, vice president of product management at Ivanti, told TechTarget Editorial that the main use of this flaw is to let a threat actor bypass the reputation check and deliver a phishing prompt more easily.

“The main danger of this flaw is that an attacker could host it on a website or send it as an email and instant message,” he said. “They have to really creatively convince a user to click on what they’ve come up with. And as we all know, it’s not that hard. It’s more of just a statistical challenge.”

The second fixed zero-day vulnerability was CVE-2022-44710, a privilege escalation flaw in the DirectX graphics kernel. It has a CVSS 3.1 base score of 7.8 and requires an attacker to win a race condition in order to take advantage. While CVE-2022-44710 is not being exploited in the wild, details of the vulnerability were disclosed ahead of the patch’s release on Tuesday.


Goettl said this vulnerability could allow a threat actor to gain kernel-level privileges, but it is also difficult to achieve.

“The conditions have to be right, but it’s definitely a vulnerability that can be seen in an attack chain where you have a few different vulnerabilities together and create a way for that attacker to get everything they need,” he said.

In addition to the zero days, there were several notable flaws. Two severe remote code execution (RCE) flaws in Microsoft SharePoint Server have been fixed, CVE-2022-44690 and CVE-2022-44693; both received CVSS 3.1 scores of 8.8, a lower score for an RCE attack because Microsoft considered exploitation “less likely”.

PowerShell also had an RCE vulnerability, CVE-2022-41076, which received a CVSS score of 8.5. Microsoft said exploitation was “more likely” with this flaw, and any authorized user account could exploit it. PowerShell threats are generally considered very serious due to their frequent ability to provide kernel-level access.

Goettl told TechTarget Editorial that December was more of a “low-key” Patch Tuesday, but offered a number of takeaways from the vulnerabilities that were revealed, including those from other software makers. One was to prioritize keeping browsers up to date, given the number of bugs fixed in Mozilla browsers on Tuesday and Google Chrome’s recent zero-days.

“Browser-based vulnerabilities are some of the easier ones to target,” Goettl said. “It’s always good to make sure your browsers are as up-to-date as possible when a maintenance window comes up.”

Another takeaway Goettl offered was that many organizations are concerned that threat activity is increasingly focused on time frames when fewer staff are present, such as holidays. He said organizations need to move from a “fix it all” approach to one that addresses the very specific risks of that organization.


“It’s not a numbers game — it’s a conversation about what will reduce risk,” he said. “I think that’s the most important thing. Focus on the risks.”

Alexander Culafi is a writer, journalist and podcaster based in Boston.


