Microsoft Releases December 2022 Security Updates
Scheduled updates for Microsoft products
Summary
Scheduled updates for Microsoft products
Affected platforms
The following platforms are known to be affected:
The following platforms are also known to be affected:
- Azure
- Client Server Run-time Subsystem (CSRSS)
- Microsoft Bluetooth Driver
- Microsoft Dynamics
- Microsoft Graphics Component
- Microsoft Office OneNote
- Microsoft Office Outlook
- Microsoft Office SharePoint
- Microsoft Office Visio
- Microsoft Windows Codecs Library
- Role: Windows Hyper-V
- SysInternals
- Windows Certificates
- Windows Contacts
- Windows DirectX
- Windows Error Reporting
- Windows Fax Compose Form
- Windows HTTP Print Provider
- Windows Kernel
- Windows PowerShell
- Windows Print Spooler Components
- Windows Projected File System
- Windows Secure Socket Tunneling Protocol (SSTP)
- Windows SmartScreen
- Windows Subsystem for Linux
- Windows Terminal
Threat details
Introduction
Microsoft has released updates to address 49 vulnerabilities in Microsoft products, with 6 of them rated as critical and two zero-day vulnerabilities. An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of an affected system.
Exploitation in the wild for CVE-2022-44698
Microsoft has reported exploitation of the Windows SmartScreen Security Feature Bypass Vulnerability, known as CVE-2022-44698, and CISA has added it to their Known Exploited Vulnerabilities Catalog. Affected organisations are encouraged to read Microsoft's guidance for CVE-2022-44698 and apply any relevant updates.
Remediation advice
Affected organisations are encouraged to review Microsoft’s December 2022 Security Update Summary and Deployment Information and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 14 December 2022 4:51 pm