Microsoft Patches Two Zero-Day Vulnerabilities

December 20, 2022 / meritsolutions

Each month, Microsoft releases a big security update known as “Patch Tuesday.” As the name implies, the update comes on the second Tuesday of each month, fixing any security vulnerabilities the company found since the previous Patch Tuesday update. This past Tuesday’s patch was notable, since the company fixed two zero-days among other critical vulnerabilities.

The patch fixes 49 vulnerabilities in total. According to Bleeping Computer, six of these vulnerabilities are rated as “Critical,” meaning they are of utmost importance to patch:

  • CVE-2022-41127 – Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
  • CVE-2022-44690 – Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-44693 – Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability
  • CVE-2022-44670 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
  • CVE-2022-44676 – Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

However, these critical vulnerabilities aren’t the most severe issues. While it’s important that you patch them on your systems, the two zero-days this update fixes are more important. Zero-days are vulnerabilities the developer previously wasn’t aware of, which makes them dangerous. If someone discovers an exploit for a zero-day before the developer does, there’s no telling how long users remain sitting targets.

Unfortunately, one of these zero-days has an active exploit. It’s being tracked as CVE-2022-44698, relating to a security bypass problem in Windows SmartScreen. It’s being used to spread QBot and Magniber ransomware, a particularly nasty form of malware that holds the victim’s system hostage.

The other zero-day here is tracked as CVE-2022-44710, and is a DirectX Graphics kernel privilege escalation vulnerability. If exploited, it could allow a hacker to gain system privileges to your network.
