
CVE-2022-44698, CVE-2022-44710: Microsoft Fixes 2 Zero-Days


Another Microsoft Patch Tuesday has rolled out, fixing a total of 49 vulnerabilities. In terms of severity and impact, six of these vulnerabilities are rated critical, 40 important, and the rest moderate.

Microsoft December 2022 Patch Tuesday: Affected Products

So, what products have been affected by these 49 vulnerabilities? Microsoft has provided a list, including the following products, features and roles across the company’s portfolio:

.NET Framework
Azure
Client Server Run-time Subsystem (CSRSS)
Microsoft Bluetooth Driver
Microsoft Dynamics
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office OneNote
Microsoft Office Outlook
Microsoft Office SharePoint
Microsoft Office Visio
Microsoft Windows Codecs Library
Role: Windows Hyper-V
SysInternals
Windows Certificates
Windows Contacts
Windows DirectX
Windows Error Reporting
Windows Fax Compose Form
Windows HTTP Print Provider
Windows Kernel
Windows PowerShell
Windows Print Spooler Components
Windows Projected File System
Windows Secure Socket Tunneling Protocol (SSTP)
Windows SmartScreen
Windows Subsystem for Linux
Windows Terminal

Of the fixed security flaws, two are zero-days: one is actively exploited and the other was publicly disclosed. By type, the vulnerabilities are elevation of privilege, security feature bypass, remote code execution, information disclosure, denial-of-service, and spoofing. In addition, earlier this month, the company fixed twenty-five vulnerabilities in its Edge browser.




Two Zero-Day Vulnerabilities Fixed: CVE-2022-44698 and CVE-2022-44710

CVE-2022-44698 is a “Windows SmartScreen Security Feature Bypass Vulnerability”, which was actively exploited in the wild. How can an attacker exploit the issue? By crafting a malicious file that evades Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features that rely on MOTW tagging (e.g. Protected View in Microsoft Office). The zero-day was exploited in malware distribution campaigns that used malicious JavaScript files signed by a compromised signature to drop the QBot trojan and Magniber ransomware.
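For defenders, a triage sketch for the file type named above, added here as an example and not taken from Microsoft or the original article: it lists script files in a folder with their MOTW zone and Authenticode status. The default folder, the extension list and the "Review" heuristic (Internet-zone mark plus a signature that is present but does not validate) are assumptions.

```powershell
# Added example: report MOTW zone and signature state for downloaded script files.
# $Path and $Extensions are assumptions; point them at where downloads and
# mail attachments land in your environment.
param(
    [string]$Path = "$env:USERPROFILE\Downloads",
    [string[]]$Extensions = @('.js', '.jse', '.vbs', '.wsf')
)

# ZoneId values stored in the Zone.Identifier alternate data stream (the MOTW)
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension.ToLower() } |
    ForEach-Object {
        $file   = $_
        $zoneId = $null

        # Read the MOTW; files without the stream simply have no mark
        $ads = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        foreach ($line in $ads) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { $zoneId = [int]$Matches[1]; break }
        }

        # Authenticode status: Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

        # Heuristic (assumption): marked as Internet or Restricted, signed, but not valid
        $signedButBad = ($sig.Status -ne 'Valid') -and ($sig.Status -ne 'NotSigned')
        $review = ($null -ne $zoneId) -and ($zoneId -ge 3) -and $signedButBad

        [pscustomobject]@{
            File      = $file.FullName
            Zone      = if ($null -ne $zoneId) { $zoneNames[$zoneId] } else { 'NoMOTW' }
            Signature = $sig.Status
            Signer    = $sig.SignerCertificate.Subject
            Review    = $review
        }
    } |
    Sort-Object Review -Descending |
    Format-Table -AutoSize
```

Rows with Review set to True are candidates for manual inspection, not confirmed detections.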

The other vulnerability, CVE-2022-44710, has been described as a “DirectX Graphics Kernel Elevation of Privilege Vulnerability”. The issue hasn’t been exploited, but details of it were publicly available at the time of disclosure. To exploit it successfully, a threat actor would need to win a race condition, which could eventually lead to gaining SYSTEM privileges.




Six Critical Vulnerabilities Also Fixed

As we already mentioned, six of the fixed issues are critical. One of the critical issues more likely to be exploited is CVE-2022-41076. This is a remote code execution vulnerability in Windows PowerShell which could allow an authenticated threat actor to escape the PowerShell Remoting Session Configuration and run unauthorized commands on vulnerable systems.

CVE-2022-41127 is another critical issue that affects Microsoft Dynamics NAV and MS Dynamics 365 Business Central. The issue could lead to code execution on Dynamics NAV servers.

CVE-2022-44670 and CVE-2022-44676 are critical remote code execution flaws in Windows Secure Socket Tunneling Protocol (SSTP). A threat actor needs to win a race condition in order for the flaw to be exploited in remote code execution attacks on RAS servers.

The last two critical issues are located in Microsoft SharePoint Server. “Successful exploitation of CVE-2022-44690 or CVE-2022-44693 could enable an attacker to execute code on SharePoint Servers but require the attacker to first be authenticated and granted the ability to use the Manage Lists feature in SharePoint,” as pointed out by Cisco Talos researchers.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
