My TechDecisions

December 2022 Patch Tuesday: Two Zero Days, One Being Exploited

Microsoft's December 2022 Patch Tuesday includes fixes for more than 50 security bugs this month, including one exploited in the wild.

December 13, 2022 Zachary Comeau

Microsoft has released 52 new patches this month as part of its December 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which is being actively exploited.

Of the 52 released, six are rated critical, 43 are rated important and three are rated moderate in severity, according to Zero Day Initiative, which calls this month’s release a light month for Microsoft amid the holidays.

ZDI, the vulnerability disclosure initiative of cybersecurity company Trend Micro, says this release is the smallest monthly release this year while 2022 overall was Microsoft’s second busiest year ever with over 900 vulnerabilities fixed in total.

While the number of vulnerabilities patched each month varies depending on the researcher, researchers agree that there are two zero-day bugs patched this month, one of which is being actively exploited. However, given the ratings and severity scores, there are a handful that IT admins and security professionals should prioritize.

CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability

According to ZDI, this bug is likely related to the Mark of the Web bug that Microsoft patched last month. A file could be created that evades the mark of the web (MOTW) detection and bypasses security features such as Protected View in Microsoft Office. Since many phishing attacks leverage attachments, these protections are important in preventing malware from being deployed onto a target system.

According to Satnam Narang, a senior staff research engineer at vulnerability management company Tenable, SmartScreen is a built-in Windows feature that works with its mark of the web functionality to flag files downloaded from the internet.

“Depending on how MOTW flags a file, SmartScreen will perform a reputation check,” Narang says. “This vulnerability can be exploited in multiple scenarios, including through malicious websites and malicious attachments delivered over email or messaging services.”

A potential victim would have to visit a malicious website or open the attachment in order to bypass SmartScreen, Narang adds. Since this is being exploited in the wild, admins should prioritize this patch.

CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege

The second zero-day vulnerability patched this month, this important-rated bug was publicly disclosed before Microsoft issued its security updates. Microsoft gives it a CVSS score of 7.8, but it is considered less likely to be exploited, according to Narang, citing Microsoft’s Exploitability Index.

CVE-2022-41076 – PowerShell Remote Code Execution Vulnerability

A bug highlighted by several researchers, this critical-rated bug could allow an unauthenticated attacker to escape the PowerShell Remoting Session Configuration and run unapproved commands on an affected system, according to ZDI. PowerShell is a legitimate tool commonly used by threat actors to evade detection while moving throughout networks, so a bug impacting PowerShell and bypassing restrictions should be prioritized.

Other bugs highlighted by ZDI and Tenable include CVE-2022-44690 and CVE-2022-44693, remote code execution bugs in Microsoft SharePoint Server; CVE-2022-44678 and CVE-2022-44681, elevation of privilege bugs in Windows Print Spooler; CVE-2022-44713, a spoofing bug in Microsoft Outlook for Mac; and more.

Visit Microsoft’s Security Update Guide for more information on these patches.

Stay tuned for a podcast on the December 2022 Patch Tuesday releases this week!
