Today Is “Patch Tuesday” And It’s Time To Patch All The Things

While I was busy covering the feature dump that Apple did with all its operating systems, I didn’t cover the fact that it was Microsoft’s “Patch Tuesday”. Bleeping Computer has a lot of info on December’s “Patch Tuesday” dump here. And there is truly a lot here for you to read. To help you make sense of it all, I have enlisted the help of Yoav Iellin, Senior Researcher at Silverfort:

“Marked as critical, CVE-2022-41076 is one security teams should definitely be aware of as it allows for an attacker to escape the PowerShell Constrained Session Configuration to run unapproved commands. PowerShell Constrained Session is used across a wide variety of applications so admins need to be aware of where they are exposed and either update, or disable the affected feature. While Microsoft notes this vulnerability is complex to exploit, it can however be triggered by any authenticated user, removing the extra step of escalating privileges.

An interesting, actively exploited vulnerability from an initial access point of view is CVE-2022-44698. This is a flaw in Windows SmartScreen – a component in Microsoft applications designed to reduce the risk of socially engineered malware by checking the reputation of downloaded files prior to installation. Using this vulnerability, an attacker could convince the victim to run a crafted file or access an unsafe link and then bypass protections alerting them to potentially malicious downloads.

Included amongst the usual CVE numbers, Microsoft Security Advisory ADV220005 tells an interesting story. This advisory recounts the detection of malicious drivers submitted and signed by the Microsoft Windows Hardware Developer Program. Components such as this enjoy kernel level access, so would have been able to evade security controls had they not been detected.”

The guidance that Mr. Iellin spoke of can be found here and is very much worth reading. But perhaps that reading should take place after you patch all the things, so that the bad guys can’t use today’s “Patch Tuesday” dump to create attacks.
