Patch Tuesday Fixes Actively Exploited MOTW Vulnerability
Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698, that’s being actively exploited.
Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”
The Magniber ransomware group has been leveraging the flaw to target victims for the past few months. 0patch released a temporary micropatch in October, but Microsoft’s official patch now supersedes their fix.
Syxsense founder and CEO Ashley Leonard noted by email that it’s a relatively small Patch Tuesday, which should be welcome news for most companies as the holidays approach. “But with two zero days, it’s crucial that all IT departments deploy the recommended patches to reduce serious risk,” he said.
In addition to the SmartScreen MOTW flaw, Leonard highlighted CVE-2022-44710, a privilege escalation vulnerability in the DirectX Graphics Kernel. “An attacker who successfully exploited this vulnerability could gain system privileges, and if they could do that, then the vulnerability has a Jump Point, meaning they’re able to break out of the vulnerable component and into another area of the operating system,” he said.
Another key update, Leonard noted, patches CVE-2002-41076, a critical remote code execution flaw in PowerShell with a CVSS score of 8.5. “Without the patch, an authenticated attacker could escape the PowerShell Session Configuration and run unapproved commands on the target system,” he said.
Also read: Cybersecurity Agencies Release Guidance for PowerShell Security
According to Ivanti’s 2023 State of Security Preparedness report, based on a survey of 6,500 executives, cyber security professionals, and office workers, security teams struggle to prioritize patches.
While 92 percent of security professionals said they have a method of prioritizing patches, they also said all types of vulnerabilities are given similarly high priority. “This ‘everything is urgent’ mindset not only muddies priorities for the security team, but it can also lead to high levels of stress and burnout,” the report states.
“Patching is not nearly as simple as it sounds,” Ivanti chief product officer Srinivas Mukkamala said in a statement. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands.”
“To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize, and even address vulnerabilities without excess manual intervention,” Mukkamala added.
Read next: Is the Answer to Vulnerabilities Patch Management as a Service?
eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.
Advertise with TechnologyAdvice on eSecurity Planet and our other IT-focused platforms.
Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.