Patch Tuesday is once again upon us. The December 2022 edition of Patch Tuesday brings us 56 fixes, with 6 rated as critical. We’ve listed the most important changes below.
⚡ TL;DR | Go Straight to the December 2022 Patch Tuesday Audit Report
PowerShell Remote Code Execution Vulnerability
The most severe issue addressed this month is a Powershell RCE vulnerability. With a CVSS score of 8.5 CVE-2022-41076 doesn’t quite have the highest score of the month, but the combination of a relatively high score and the remark from Microsoft that it is more likely to be exploited makes it the top of our list.
According to Microsoft, any authenticated user could trigger this vulnerability and no admin or other elevated privileges are required. Once exploited an attacker can run unapproved commands on the target system. The main reason why this vulnerability isn’t more critical is because „additional actions prior to exploitation to prepare the target environment“ are needed.
Microsoft SharePoint Server RCE
The second RCE vulnerability to highlight this month is related to Sharepoint. Sharepoint has been getting more attention lately with Microsoft fixing more severe security issues. This month CVE-2022-44693 and CVE-2022-44690 have been fixed, both having a CVSS base score of 8.8. When exploited, the vulnerability allows an authenticated attacker with Manage List permissions could execute code remotely.
Microsoft Exchange Server Spoofing Vulnerability
Lastly, we’re returning to Exchange, a hot topic for the last couple of months. Last month CVE-2022-41079 and CVE-2022-41078, that both have a CVSS 8.0, allow the disclosure of NTLM hashes when exploited. The attacker does have to be authenticated. Regarding the attack vector, Microsoft added the following clarification this month:
This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.
Run the Patch Tuesday December 2022 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!
Patch Tuesday December 2022 CVE Codes & Titles
CVE Number | CVE Title |
CVE-2022-47213 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-47212 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-47211 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-44713 | Microsoft Outlook for Mac Spoofing Vulnerability |
CVE-2022-44710 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
CVE-2022-44707 | Windows Kernel Denial of Service Vulnerability |
CVE-2022-44704 | Microsoft Windows Sysmon Elevation of Privilege Vulnerability |
CVE-2022-44702 | Windows Terminal Remote Code Execution Vulnerability |
CVE-2022-44699 | Azure Network Watcher Agent Security Feature Bypass Vulnerability |
CVE-2022-44698 | Windows SmartScreen Security Feature Bypass Vulnerability |
CVE-2022-44697 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2022-44696 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2022-44695 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2022-44694 | Microsoft Office Visio Remote Code Execution Vulnerability |
CVE-2022-44693 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2022-44692 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-44691 | Microsoft Office OneNote Remote Code Execution Vulnerability |
CVE-2022-44690 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
CVE-2022-44689 | Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability |
CVE-2022-44687 | Raw Image Extension Remote Code Execution Vulnerability |
CVE-2022-44683 | Windows Kernel Elevation of Privilege Vulnerability |
CVE-2022-44682 | Windows Hyper-V Denial of Service Vulnerability |
CVE-2022-44681 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-44680 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2022-44679 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-44678 | Windows Print Spooler Elevation of Privilege Vulnerability |
CVE-2022-44677 | Windows Projected File System Elevation of Privilege Vulnerability |
CVE-2022-44676 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
CVE-2022-44675 | Windows Bluetooth Driver Elevation of Privilege Vulnerability |
CVE-2022-44674 | Windows Bluetooth Driver Information Disclosure Vulnerability |
CVE-2022-44673 | Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability |
CVE-2022-44671 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2022-44670 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
CVE-2022-44669 | Windows Error Reporting Elevation of Privilege Vulnerability |
CVE-2022-44668 | Windows Media Remote Code Execution Vulnerability |
CVE-2022-44667 | Windows Media Remote Code Execution Vulnerability |
CVE-2022-44666 | Windows Contacts Remote Code Execution Vulnerability |
CVE-2022-41127 | Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
CVE-2022-41121 | Windows Graphics Component Elevation of Privilege Vulnerability |
CVE-2022-41094 | Windows Hyper-V Elevation of Privilege Vulnerability |
CVE-2022-41089 | .NET Framework Remote Code Execution Vulnerability |
CVE-2022-41079 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2022-41078 | Microsoft Exchange Server Spoofing Vulnerability |
CVE-2022-41077 | Windows Fax Compose Form Elevation of Privilege Vulnerability |
CVE-2022-41076 | PowerShell Remote Code Execution Vulnerability |
CVE-2022-41074 | Windows Graphics Component Information Disclosure Vulnerability |
CVE-2022-41043 | Microsoft Office Information Disclosure Vulnerability |
CVE-2022-38042 | Active Directory Domain Services Elevation of Privilege Vulnerability |
CVE-2022-38032 | Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability |
CVE-2022-37967 | Windows Kerberos Elevation of Privilege Vulnerability |
CVE-2022-37958 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
CVE-2022-34704 | Windows Defender Credential Guard Information Disclosure Vulnerability |
CVE-2022-26806 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-26805 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-26804 | Microsoft Office Graphics Remote Code Execution Vulnerability |
CVE-2022-24480 | Outlook for Android Elevation of Privilege Vulnerability |
„*“ zeigt erforderliche Felder an
Receive the Latest Patch Tuesday Report for FREE Every Month