Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

December 2022 Patch Tuesday fixed 2 zero-day flaws

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program. Six vulnerabilities […]

Microsoft Patch Tuesday

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products.

Microsoft December 2022 Patch Tuesday security updates addressed 52 vulnerabilities in Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework. 12 of these vulnerabilities were submitted through the ZDI program.

Six vulnerabilities are rated Critical, 43 Important, and three are Moderate in severity. Microsoft December 2022 Patch Tuesday security updates fixed two zero-day vulnerabilities; one of the new issues addressed this month is listed as publicly known at the time of release, and one is actively exploited.

The actively exploited zero-day is a Windows SmartScreen security feature bypass vulnerability tracked as CVE-2022-44698.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.” reads the advisory published by the IT giant.

Another interesting flaw addressed by Microsoft is a DirectX Graphics Kernel elevation of privilege vulnerability tracked as CVE-2022-44710.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” reads the advisory. “Successful exploitation of this vulnerability requires an attacker to win a race condition.”

The full list of CVEs released by Microsoft for December 2022 is available here.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, December 2022 Patch Tuesday)

[adrotate banner=”5″]

[adrotate banner=”13″]