Patch Tuesday December 2022: 56 leaks fixed

By Owen December 14, 2022 Technology 0 Comments

Microsoft Patch Tuesday — Picture: iStock

As traditional, Microsoft releases a sequence of safety upgrades and patches for Home windows on Patch Tuesday. This month, 56 leaks will likely be closed.

The 56 safety vulnerabilities occurred in a wide range of areas. Elements of Microsoft Home windows itself, the Workplace suite, Microsoft Edge, SharePoint Servers and the .NET framework had been all patched. After all, a few of these issues are extra of a menace than others. As many as 6 CVEs had been assigned vital standing. Furthermore, two of them are so-called zero-days: safety vulnerabilities which are recognized to the general public and/or have been actively abused. For an entire checklist of all CVEs mounted this Patch Tuesday, go to the Microsoft web site justly.

Zero-days

CVE-2022-44698 – that is the quantity that received into an issue with Home windows SmartScreen. This vulnerability made it doable to bypass so-called Mark of the Net (MOTW) protections. That was doable with a JavaScript file drawn in a sure manner. Consequently, a number of safety mechanisms, akin to Protected View in Microsoft Workplace applications, are utterly misplaced. These mechanisms rely upon MOTW protocols. This vulnerability is alleged to have been actively exploited in quite a lot of distant software program activation malware campaigns.

The opposite zero-day will get that standing as a result of the issue was publicly recognized. It considerations an issue with DirectX the place system privileges might be obtained. Nonetheless, it seems that the vulnerability was not actively exploited. In spite of everything, to realize entry, hackers should win a “race” situation, or talk with the CPU quicker than the graphics card can. That’s not sensible in all instances.

Vital Safety Vulnerabilities

Like the 2 vital zero-days, the opposite 4 vulnerabilities additionally concerned distant code-running. It considerations safety vulnerabilities in Microsoft Dynamics NAV, Microsoft Dynamics 365 Enterprise Central, Microsoft SharePoint Server, PowerShell, and Home windows Safe Socket Tunneling Protocol (STTP).

It is suggested to put in the safety replace. This fashion you aren’t solely protected in opposition to these 6 vital safety vulnerabilities, but in addition in opposition to quite a few different, ‘much less vital’ safety issues. You possibly can replace your Home windows laptop from ‘Home windows Replace’, which you’ll find below your settings.

Discover: This product requires JavaScript.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Zero-days

Vital Safety Vulnerabilities

Related Posts