Service Notices
Microsoft Releases December 2022 Security Updates
Dec 16, 2022 GMT+08:00
I. Overview
Microsoft has released its December 2022 Security Updates. A total of 48 security vulnerabilities have been disclosed, among which 7 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to perform remote code execution, escalate privileges, and leak sensitive information. The affected applications include components such as Microsoft Windows, Microsoft Office, .NET Framework, and Microsoft Dynamics.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Dec
The following vulnerabilities have been exploited by attackers:
Windows SmartScreen Security Feature Bypass Vulnerability (CVE-2022-44698): 0-day vulnerability. A remote attacker can bypass Mark of the Web (MOTW) defenses and potentially compromise the affected system. The vulnerability details have been disclosed and the vulnerability has been exploited in the wild. The risk is high.
DirectX Graphics Kernel Elevation of Privilege Vulnerability (CVE-2022-44710): 0-day vulnerability. An attacker who successfully exploited this vulnerability could elevate its permissions to the root permissions on the victim system. Currently, the details of this vulnerability have been disclosed and the risk is high.
7 vulnerabilities (including CVE-2022-41076 and CVE-2022-44671) are officially marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, .NET Framework and Microsoft Dynamics
IV. Vulnerability Details
CVE No. |
Vulnerability |
Severity |
Affected Product |
CVE-2022-41089 |
.NET Framework Remote Code Execution Vulnerability |
Important |
.NET 6.0/7.0, .NET Core 3.1, Microsoft .NET Framework 2.0/3.0/3.5/ 3.5.1/4.6/4.6.2/ 4.7.2/ 4.8/4.8.1/4.7/4.7.1, and Microsoft Visual Studio 2019/2022 |
CVE-2022-41076 |
PowerShell Remote Code Execution Vulnerability |
Important |
PowerShell 7.2/7.3, Windows 10, Windows 8.1/RT 8.1, Windows 11, Windows 7, Windows Server 2008R/2012/2012R/2016/2019/2022 |
CVE-2022-41127 |
Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability |
Important |
Microsoft Dynamics 365 Business Central 2020/2021/2022, Microsoft Dynamics NAV 2016/2017/2018, Dynamics 365 Business Central 2019 Release Wave 2 (On-Premise), Dynamics 365 Business Central Spring 2019 Update |
CVE-2022-44693 CVE-2022-44690 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Important |
Microsoft SharePoint Enterprise Server 2013/2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation 2013 |
CVE-2022-44676 CVE-2022-44670 |
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
Important |
Windows 10, Windows 8.1/RT 8.1, Windows 11, Windows 7, Windows Server 2008R/2012/2012R/2016/2019/2022 |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.