- Herencia, propósito y creatividad confluyen sobre un manto tecnológico en los irrepetibles UMusic Hotels
- OpenAI, SoftBank, Oracle lead $500B Project Stargate to ramp up AI infra in the US
- 오픈AI, 700조원 규모 'AI 데이터센터' 프로젝트 착수··· 소프트뱅크·오라클 참여
- From Election Day to Inauguration: How Cybersecurity Safeguards Democracy | McAfee Blog
- The end of digital transformation, the rise of AI transformation
Two Zero-Days Fixed in December Patch Tuesday
The final Microsoft Patch Tuesday of 2022 addressed nearly a half century of vulnerabilities including two zero-days, one of which is being exploited in the wild.
A handful of the bugs are rated “critical” while 13 are described by Microsoft as “more likely to be exploited,” meaning there’s still plenty of work to do for sysadmins at the end of the year.
The zero-day that is currently being exploited is CVE-2022-44698 – a security feature bypass vulnerability in Windows SmartScreen. This tool works with the vendor’s Mark of the Web (MOTW) functionality which flags files downloaded from the internet, according to Satnam Narang, senior staff research engineer at Tenable.
“This vulnerability can be exploited in multiple scenarios, including through malicious websites and malicious attachments delivered over email or messaging services,” he added.
“They require a potential victim to visit the malicious website or open a malicious attachment in order to bypass SmartScreen.”
However, the proof-of-concept code for the bug is not thought to have been publicly disclosed as yet.
The second zero-day is CVE-2022-44710 – an elevation of privilege vulnerability in the DirectX Graphics Kernel which was publicly disclosed prior to a patch becoming available, but is not yet being exploited.
“It is considered to be a flaw that is less likely to be exploited based on Microsoft’s Exploitability Index,” confirmed Narang.
Mike Walters, VP of vulnerability and threat research at Action1, pointed to critical PowerShell vulnerability CVE-2022-41076 as worthy of attention. It affects all Windows OS versions from Windows 7 and Windows Server 2008 R2 on.
“This critical vulnerability has a high CVSS risk score of 8.5, because any authenticated user can trigger the vulnerability and run unapproved PowerShell commands execution in the target system, even though the exploitation does require some preparation from the attacker,” Walters explained.
CVE-2022-44693 is a critical remote code execution vulnerability in SharePoint with a CVSS score of 8.8. Crucially it’s of low complexity and requires no privilege escalation.
“To exploit it, attackers only need access to the basic user account with Manage List permissions, which most companies grant to all SharePoint users by default,” warned Walters.
“This vulnerability does not require user interaction; once attackers get the appropriate credentials, they can execute code remotely on a target SharePoint server.”
Editorial credit icon image: Paolo Bona / Shutterstock.com
