PRUEBA AHORA
Patch Tuesday

Microsoft Patch Tuesday – December 2022

5 min. read
13/12/2022
By Esben Dochy
Microsoft-Patch-Tuesday-May-2022

Patch Tuesday is once again upon us. The December 2022 edition of Patch Tuesday brings us 56 fixes, with 6 rated as critical. We’ve listed the most important changes below.

⚡ TL;DR | Go Straight to the December 2022 Patch Tuesday Audit Report

PowerShell Remote Code Execution Vulnerability

The most severe issue addressed this month is a Powershell RCE vulnerability. With a CVSS score of 8.5 CVE-2022-41076 doesn’t quite have the highest score of the month, but the combination of a relatively high score and the remark from Microsoft that it is more likely to be exploited makes it the top of our list.

According to Microsoft, any authenticated user could trigger this vulnerability and no admin or other elevated privileges are required. Once exploited an attacker can run unapproved commands on the target system. The main reason why this vulnerability isn’t more critical is because «additional actions prior to exploitation to prepare the target environment» are needed.

Microsoft SharePoint Server RCE

The second RCE vulnerability to highlight this month is related to Sharepoint. Sharepoint has been getting more attention lately with Microsoft fixing more severe security issues. This month CVE-2022-44693 and CVE-2022-44690 have been fixed, both having a CVSS base score of 8.8. When exploited, the vulnerability allows an authenticated attacker with Manage List permissions could execute code remotely.

Microsoft Exchange Server Spoofing Vulnerability

Lastly, we’re returning to Exchange, a hot topic for the last couple of months. Last month CVE-2022-41079 and CVE-2022-41078, that both have a CVSS 8.0, allow the disclosure of NTLM hashes when exploited. The attacker does have to be authenticated. Regarding the attack vector, Microsoft added the following clarification this month:

This vulnerability’s attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment.

Run the Patch Tuesday December 2022 Audit

To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report has been color-coded to see which machines are up-to-date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.

The Lansweeper Patch Tuesday report is automatically added to Lansweeper Cloud sites. Lansweeper Cloud is included in all our licenses without any additional cost and allows you to federate all your installations into one single view so all you need to do is look at one report, automatically added every patch Tuesday!

Patch Tuesday December 2022 CVE Codes & Titles

CVE NumberCVE Title
CVE-2022-47213Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-47212Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-47211Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-44713Microsoft Outlook for Mac Spoofing Vulnerability
CVE-2022-44710DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2022-44707Windows Kernel Denial of Service Vulnerability
CVE-2022-44704Microsoft Windows Sysmon Elevation of Privilege Vulnerability
CVE-2022-44702Windows Terminal Remote Code Execution Vulnerability
CVE-2022-44699Azure Network Watcher Agent Security Feature Bypass Vulnerability
CVE-2022-44698Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2022-44697Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-44696Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44695Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44694Microsoft Office Visio Remote Code Execution Vulnerability
CVE-2022-44693Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-44692Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-44691Microsoft Office OneNote Remote Code Execution Vulnerability
CVE-2022-44690Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-44689Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
CVE-2022-44687Raw Image Extension Remote Code Execution Vulnerability
CVE-2022-44683Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-44682Windows Hyper-V Denial of Service Vulnerability
CVE-2022-44681Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-44680Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-44679Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-44678Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2022-44677Windows Projected File System Elevation of Privilege Vulnerability
CVE-2022-44676Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-44675Windows Bluetooth Driver Elevation of Privilege Vulnerability
CVE-2022-44674Windows Bluetooth Driver Information Disclosure Vulnerability
CVE-2022-44673Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
CVE-2022-44671Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-44670Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
CVE-2022-44669Windows Error Reporting Elevation of Privilege Vulnerability
CVE-2022-44668Windows Media Remote Code Execution Vulnerability
CVE-2022-44667Windows Media Remote Code Execution Vulnerability
CVE-2022-44666Windows Contacts Remote Code Execution Vulnerability
CVE-2022-41127Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
CVE-2022-41121Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-41094Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2022-41089.NET Framework Remote Code Execution Vulnerability
CVE-2022-41079Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41078Microsoft Exchange Server Spoofing Vulnerability
CVE-2022-41077Windows Fax Compose Form Elevation of Privilege Vulnerability
CVE-2022-41076PowerShell Remote Code Execution Vulnerability
CVE-2022-41074Windows Graphics Component Information Disclosure Vulnerability
CVE-2022-41043Microsoft Office Information Disclosure Vulnerability
CVE-2022-38042Active Directory Domain Services Elevation of Privilege Vulnerability
CVE-2022-38032Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability
CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability
CVE-2022-37958SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
CVE-2022-34704Windows Defender Credential Guard Information Disclosure Vulnerability
CVE-2022-26806Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-26805Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-26804Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-24480Outlook for Android Elevation of Privilege Vulnerability

Receive the Latest Patch Tuesday Report for FREE Every Month

"*" señala los campos obligatorios

Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo está oculto cuando se visualiza el formulario
Este campo es un campo de validación y debe quedar sin cambios.