{"id":742,"date":"2022-12-14T08:16:46","date_gmt":"2022-12-14T08:16:46","guid":{"rendered":"https:\/\/cybersecuritynest.com\/?p=742"},"modified":"2022-12-14T08:16:57","modified_gmt":"2022-12-14T08:16:57","slug":"microsoft-patched-2-zero-days-49-flaws","status":"publish","type":"post","link":"https:\/\/cybersecuritynest.com\/?p=742","title":{"rendered":"Microsoft  patched  2 zero-days, 49 flaws"},"content":{"rendered":"<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D742\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=742&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47--><p>Microsoft&#8217;s December 2022 Patch Tuesday comes with fixes for 49 vulnerabilities, including two zero-day vulnerabilities and one that has been actively exploited.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-743\" src=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14-300x191.png\" alt=\"\" width=\"300\" height=\"191\" srcset=\"https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14-300x191.png 300w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14-1024x652.png 1024w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14-768x489.png 768w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14-1536x978.png 1536w, https:\/\/cybersecuritynest.com\/wp-content\/uploads\/2022\/12\/Screenshot-2022-12-14-at-08.11.14.png 1696w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Because they permit remote code execution, one of the most severe vulnerabilities, six of the 49 vulnerabilities fixed in today&#8217;s update are categorized as &#8220;Critical.&#8221;<\/p>\n<p>The following is a list of the number of vulnerabilities in each category:<\/p>\n<p>19 Elevation of Privilege Vulnerabilities, 2 Security Feature Bypass Vulnerabilities, 23 Remote Code Execution Vulnerabilities, 3 Information Disclosure Vulnerabilities, 3 Denial of Service Vulnerabilities, and 1 Spoofing Vulnerability<\/p>\n<p>Read today&#8217;s articles on the Windows 10 KB5021233 and KB5021237 updates and the Windows 11 KB5021255 and KB5021234 updates for information about non-security Windows updates.<\/p>\n<p>Two zero-day vulnerabilities are fixed in this month&#8217;s Patch Tuesday, one of which has been actively exploited and the other has been made public.<\/p>\n<p>If a vulnerability is publicly disclosed or actively exploited and there is no official fix, Microsoft considers it to be a zero-day vulnerability.<\/p>\n<p>Today&#8217;s updates address the zero-day vulnerability that was publicly disclosed and actively exploited:<\/p>\n<p>Will Dormann discovered the Windows SmartScreen Security Feature Bypass Vulnerability, CVE-2022-44698.<\/p>\n<p>&#8220;An attacker can create a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and the availability of Microsoft Office security features like Protected View, which rely on MOTW tagging.&#8221;<\/p>\n<p>Threat actors took advantage of this vulnerability by creating malicious JavaScript files that ran on their own and were signed with a wrong signature.<br \/>\nWhen signed in this way, SmartCheck would fail and not show any security warnings about the Mark of the Web, allowing the malware to run and install itself automatically.<\/p>\n<p>Numerous malware distribution campaigns, including those that spread the QBot trojan and Magniber Ransomware, actively took advantage of this vulnerability.<\/p>\n<p>The additional flaw that has been made public is:<\/p>\n<p>Luka Pribani discovered the DirectX Graphics Kernel Elevation of Privilege Vulnerability (CVE-2022-44710).<\/p>\n<p>&#8220;For this vulnerability to be exploited successfully, an attacker must win a race condition. SYSTEM privileges could be gained by an attacker who successfully exploits this vulnerability.<\/p>\n<p>Below is the complete list of resolved vulnerabilities and released advisories in the December 2022\u00a0Patch Tuesday updates<\/p>\n<table>\n<tbody>\n<tr>\n<th>Tag<\/th>\n<th>CVE ID<\/th>\n<th>CVE Title<\/th>\n<th>Severity<\/th>\n<\/tr>\n<tr>\n<td>.NET Framework<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41089\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41089<\/a><\/td>\n<td>.NET Framework Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Azure<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44699\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44699<\/a><\/td>\n<td>Azure Network Watcher Agent Security Feature Bypass Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Client Server Run-time Subsystem (CSRSS)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44673\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44673<\/a><\/td>\n<td>Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Bluetooth Driver<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44675\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44675<\/a><\/td>\n<td>Windows Bluetooth Driver Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Bluetooth Driver<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44674\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44674<\/a><\/td>\n<td>Windows Bluetooth Driver Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Dynamics<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41127\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41127<\/a><\/td>\n<td>Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4192\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4192<\/a><\/td>\n<td>Chromium: CVE-2022-4192 Use after free in Live Caption<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4193\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4193<\/a><\/td>\n<td>Chromium: CVE-2022-4193 Insufficient policy enforcement in File System API<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4190\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4190<\/a><\/td>\n<td>Chromium: CVE-2022-4190 Insufficient data validation in Directory<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4191\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4191<\/a><\/td>\n<td>Chromium: CVE-2022-4191 Use after free in Sign-In<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4194\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4194<\/a><\/td>\n<td>Chromium: CVE-2022-4194 Use after free in Accessibility<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41115\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41115<\/a><\/td>\n<td>Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44688\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44688<\/a><\/td>\n<td>Microsoft Edge (Chromium-based) Spoofing Vulnerability<\/td>\n<td>Moderate<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4195\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4195<\/a><\/td>\n<td>Chromium: CVE-2022-4195 Insufficient policy enforcement in Safe Browsing<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44708\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44708<\/a><\/td>\n<td>Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4181\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4181<\/a><\/td>\n<td>Chromium: CVE-2022-4181 Use after free in Forms<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4180\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4180<\/a><\/td>\n<td>Chromium: CVE-2022-4180 Use after free in Mojo<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4174\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4174<\/a><\/td>\n<td>Chromium: CVE-2022-4174 Type Confusion in V8<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4182\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4182<\/a><\/td>\n<td>Chromium: CVE-2022-4182 Inappropriate implementation in Fenced Frames<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4179\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4179<\/a><\/td>\n<td>Chromium: CVE-2022-4179 Use after free in Audio<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4178\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4178<\/a><\/td>\n<td>Chromium: CVE-2022-4178 Use after free in Mojo<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4175\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4175<\/a><\/td>\n<td>Chromium: CVE-2022-4175 Use after free in Camera Capture<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4177\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4177<\/a><\/td>\n<td>Chromium: CVE-2022-4177 Use after free in Extensions<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4187\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4187<\/a><\/td>\n<td>Chromium: CVE-2022-4187 Insufficient policy enforcement in DevTools<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4185\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4185<\/a><\/td>\n<td>Chromium: CVE-2022-4185 Inappropriate implementation in Navigation<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4188\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4188<\/a><\/td>\n<td>Chromium: CVE-2022-4188 Insufficient validation of untrusted input in CORS<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4189\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4189<\/a><\/td>\n<td>Chromium: CVE-2022-4189 Insufficient policy enforcement in DevTools<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4186\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4186<\/a><\/td>\n<td>Chromium: CVE-2022-4186 Insufficient validation of untrusted input in Downloads<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4183\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4183<\/a><\/td>\n<td>Chromium: CVE-2022-4183 Insufficient policy enforcement in Popup Blocker<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Edge (Chromium-based)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-4184\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-4184<\/a><\/td>\n<td>Chromium: CVE-2022-4184 Insufficient policy enforcement in Autofill<\/td>\n<td>Unknown<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-26805\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-26805<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-26804\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-26804<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-47213\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-47213<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44697\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44697<\/a><\/td>\n<td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n<td>Moderate<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41121\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41121<\/a><\/td>\n<td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44671\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44671<\/a><\/td>\n<td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-47212\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-47212<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-26806\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-26806<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-47211\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-47211<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41074\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41074<\/a><\/td>\n<td>Windows Graphics Component Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44679\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44679<\/a><\/td>\n<td>Windows Graphics Component Information Disclosure Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Graphics Component<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44680\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44680<\/a><\/td>\n<td>Windows Graphics Component Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44692\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44692<\/a><\/td>\n<td>Microsoft Office Graphics Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office OneNote<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44691\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44691<\/a><\/td>\n<td>Microsoft Office OneNote Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Outlook<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-24480\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-24480<\/a><\/td>\n<td>Outlook for Android Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Outlook<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44713\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44713<\/a><\/td>\n<td>Microsoft Outlook for Mac Spoofing Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office SharePoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44690\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44690<\/a><\/td>\n<td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office SharePoint<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44693\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44693<\/a><\/td>\n<td>Microsoft SharePoint Server Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Visio<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44696\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44696<\/a><\/td>\n<td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Visio<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44695\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44695<\/a><\/td>\n<td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Office Visio<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44694\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44694<\/a><\/td>\n<td>Microsoft Office Visio Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Windows Codecs Library<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44668\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44668<\/a><\/td>\n<td>Windows Media Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Windows Codecs Library<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44667\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44667<\/a><\/td>\n<td>Windows Media Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Microsoft Windows Codecs Library<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44687\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44687<\/a><\/td>\n<td>Raw Image Extension Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Role: Windows Hyper-V<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41094\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41094<\/a><\/td>\n<td>Windows Hyper-V Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Role: Windows Hyper-V<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44682\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44682<\/a><\/td>\n<td>Windows Hyper-V Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>SysInternals<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44704\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44704<\/a><\/td>\n<td>Microsoft Windows Sysmon Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Certificates<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/ADV220005\" target=\"_blank\" rel=\"nofollow noopener\">ADV220005<\/a><\/td>\n<td>Guidance on Microsoft Signed Drivers Being Used Maliciously<\/td>\n<td>None<\/td>\n<\/tr>\n<tr>\n<td>Windows Contacts<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44666\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44666<\/a><\/td>\n<td>Windows Contacts Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows DirectX<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44710\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44710<\/a><\/td>\n<td>DirectX Graphics Kernel Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Error Reporting<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44669\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44669<\/a><\/td>\n<td>Windows Error Reporting Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Fax Compose Form<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41077\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41077<\/a><\/td>\n<td>Windows Fax Compose Form Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows HTTP Print Provider<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44678\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44678<\/a><\/td>\n<td>Windows Print Spooler Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Kernel<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44707\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44707<\/a><\/td>\n<td>Windows Kernel Denial of Service Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Kernel<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44683\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44683<\/a><\/td>\n<td>Windows Kernel Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows PowerShell<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41076\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-41076<\/a><\/td>\n<td>PowerShell Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows Print Spooler Components<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44681\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44681<\/a><\/td>\n<td>Windows Print Spooler Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Projected File System<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44677\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44677<\/a><\/td>\n<td>Windows Projected File System Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Secure Socket Tunneling Protocol (SSTP)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44670\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44670<\/a><\/td>\n<td>Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows Secure Socket Tunneling Protocol (SSTP)<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44676\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44676<\/a><\/td>\n<td>Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability<\/td>\n<td><span class=\"crit\">Critical<\/span><\/td>\n<\/tr>\n<tr>\n<td>Windows SmartScreen<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44698\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44698<\/a><\/td>\n<td>Windows SmartScreen Security Feature Bypass Vulnerability<\/td>\n<td>Moderate<\/td>\n<\/tr>\n<tr>\n<td>Windows Subsystem for Linux<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44689\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44689<\/a><\/td>\n<td>Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>Windows Terminal<\/td>\n<td><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44702\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-44702<\/a><\/td>\n<td>Windows Terminal Remote Code Execution Vulnerability<\/td>\n<td>Important<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<aside class=\"mashsb-container mashsb-main mashsb-stretched\"><div class=\"mashsb-box\"><div class=\"mashsb-buttons\"><a class=\"mashicon-facebook mash-large mash-center mashsb-noshadow\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fcybersecuritynest.com%2F%3Fp%3D742\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Share&nbsp;on&nbsp;Facebook<\/span><\/a><a class=\"mashicon-twitter mash-large mash-center mashsb-noshadow\" href=\"https:\/\/twitter.com\/intent\/tweet?text=&amp;url=https:\/\/cybersecuritynest.com\/?p=742&amp;via=CYBERSECNEST\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Tweet&nbsp;on&nbsp;Twitter<\/span><\/a><a class=\"mashicon-subscribe mash-large mash-center mashsb-noshadow\" href=\"#\" target=\"_top\" rel=\"nofollow\"><span class=\"icon\"><\/span><span class=\"text\">Subscribe&nbsp;to&nbsp;Newsletter<\/span><\/a><div class=\"onoffswitch2 mash-large mashsb-noshadow\" style=\"display:none\"><\/div><\/div>\n            <\/div>\n                <div style=\"clear:both\"><\/div><\/aside>\n            <!-- Share buttons by mashshare.net - Version: 4.0.47-->","protected":false},"excerpt":{"rendered":"<p>Microsoft&#8217;s December 2022 Patch Tuesday comes with fixes for 49 vulnerabilities, including two zero-day vulnerabilities and one that has been actively exploited. Because they permit remote code execution, one of the most severe vulnerabilities, six of the 49 vulnerabilities fixed in today&#8217;s update are categorized as &#8220;Critical.&#8221; The following is a list of the number [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":744,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":"","_links_to":"","_links_to_target":""},"categories":[10],"tags":[],"class_list":["post-742","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vul-mal"],"aioseo_notices":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/742"}],"collection":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=742"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/742\/revisions"}],"predecessor-version":[{"id":746,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/posts\/742\/revisions\/746"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=\/wp\/v2\/media\/744"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=742"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=742"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=742"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}