Patch Tuesday Fixes Actively Exploited MOTW Vulnerability

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698, that’s being actively exploited.

Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.”

The Magniber ransomware group has been leveraging the flaw to target victims for the past few months. 0patch released a temporary micropatch in October, but Microsoft’s official patch now supersedes their fix.

Other Key Updates

Syxsense founder and CEO Ashley Leonard noted by email that it’s a relatively small Patch Tuesday, which should be welcome news for most companies as the holidays approach. “But with two zero days, it’s crucial that all IT departments deploy the recommended patches to reduce serious risk,” he said.

In addition to the SmartScreen MOTW flaw, Leonard highlighted CVE-2022-44710, a privilege escalation vulnerability in the DirectX Graphics Kernel. “An attacker who successfully exploited this vulnerability could gain system privileges, and if they could do that, then the vulnerability has a Jump Point, meaning they’re able to break out of the vulnerable component and into another area of the operating system,” he said.

Another key update, Leonard noted, patches CVE-2002-41076, a critical remote code execution flaw in PowerShell with a CVSS score of 8.5. “Without the patch, an authenticated attacker could escape the PowerShell Session Configuration and run unapproved commands on the target system,” he said.

Also read: Cybersecurity Agencies Release Guidance for PowerShell Security

Prioritizing Fixes

According to Ivanti’s 2023 State of Security Preparedness report, based on a survey of 6,500 executives, cyber security professionals, and office workers, security teams struggle to prioritize patches.

While 92 percent of security professionals said they have a method of prioritizing patches, they also said all types of vulnerabilities are given similarly high priority. “This ‘everything is urgent’ mindset not only muddies priorities for the security team, but it can also lead to high levels of stress and burnout,” the report states.

“Patching is not nearly as simple as it sounds,” Ivanti chief product officer Srinivas Mukkamala said in a statement. “Even well-staffed, well-funded IT and security teams experience prioritization challenges amidst other pressing demands.”

“To reduce risk without increasing workload, organizations must implement a risk-based patch management solution and leverage automation to identify, prioritize, and even address vulnerabilities without excess manual intervention,” Mukkamala added.

Read next: Is the Answer to Vulnerabilities Patch Management as a Service?