Posts

Microsoft Security Bulletin Coverage for December 2022

SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2022. A list of issues reported, along with SonicWall coverage information, is as follows:

CVE-2022-44673 Windows Client Server Run-Time Subsystem (CSRSS) Elevation of Privilege Vulnerability
ASPY: 387: Malicious-exe exe.MP_291

CVE-2022-44675 Windows Bluetooth Driver Elevation of Privilege Vulnerability
ASPY: 389: Malicious-exe exe.MP_293

CVE-2022-44683 Windows Kernel Elevation of Privilege Vulnerability
ASPY: 388: Malicious-exe exe.MP_292

CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability
ASPY: 390: Malformed-File js.MP_27

The following vulnerabilities do not have exploits in the wild :
CVE-2022-24480 Outlook for Android Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41074 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-41076 PowerShell Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41077 Windows Fax Compose Form Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41089 .NET Framework Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-41094 Windows Hyper-V Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41121 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-41127 Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44666 Windows Contacts Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44667 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44668 Windows Media Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44669 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44670 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44671 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44674 Windows Bluetooth Driver Information Disclosure Vulnerability
389There are no known exploits in the wild.
CVE-2022-44676 Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability
389There are no known exploits in the wild.
CVE-2022-44677 Windows Projected File System Elevation of Privilege Vulnerability
388There are no known exploits in the wild.
CVE-2022-44678 Windows Print Spooler Elevation of Privilege Vulnerability
390There are no known exploits in the wild.
CVE-2022-44679 Windows Graphics Component Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2022-44680 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44681 Windows Print Spooler Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44682 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-44687 Raw Image Extension Remote Code Execution Vulnerability
389There are no known exploits in the wild.
CVE-2022-44689 Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
388There are no known exploits in the wild.
CVE-2022-44690 Microsoft SharePoint Server Remote Code Execution Vulnerability
390There are no known exploits in the wild.
CVE-2022-44691 Microsoft Office OneNote Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44692 Microsoft Office Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44693 Microsoft SharePoint Server Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44694 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44695 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44696 Microsoft Office Visio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44697 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44699 Azure Network Watcher Agent Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2022-44702 Windows Terminal Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2022-44704 Microsoft Windows Sysmon Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44707 Windows Kernel Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2022-44713 Microsoft Outlook for Mac Spoofing Vulnerability
There are no known exploits in the wild.