Skip to content
BLOG

Patch Tuesday December 2022

Jordan Hammond fun headshot
Jordan Hammond|December 13, 2022
Patch Tuesday December 2022
Patch Tuesday December 2022
Sections

It’s the final Patch Tuesday of 2022,and I’ve written this paragraph before any of the information has actually dropped, so we’ll see if I can guess how things will go this time around. I predict that the patching gods will give us a break so we can have a nice, serene, and peaceful entry into the new year. 

I’m back, and I was right! (Even if you have no reason to believe me because you are reading this in one sitting.) Overall, we are looking at only 49 exploits being patched with seven being critical. The only smudge on this fantastic month is that one vulnerability is publicly disclosed, and one is already exploited. 

Some highlights (or lowlights) 

CVE-2022-41076: This critical exploit is listed as an 8.5 and is a Remote Code Execution Vulnerability. While this looks bad on the surface, it has a high complexity, and it does require privileges to work. I am going to put in all my bias and say that 8.5 is an artificially inflated score because PowerShell is a part of it. LEAVE POWERSHELL ALONE!!!! 

CVE-2022-44690: This 8.8 Remote Code Execution is the highest rated vulnerability patched this month. It does require some privileges to execute, but low complexity and network attack vector makes it rated a bit higher. This exploit is open to anyone that has the Manage List permissions on a SharePoint server.  

CVE-2022-44698: This one is only a 5.4 threat, but it is already exploited in the wild. So it’s worth a quick look. This exploit is about bypassing security for SmartScreen. It is going to require you to download a malicious file to really have an impact, so I strongly recommend not doing that.... 

Wrapping up 

This will probably be my last Patch Tuesday write up as I can clearly see the future, and I plan to exploit that fact for extreme wealth. While my incredible mind powers make it so I won’t need to worry so much about patching, as I know what will happen anyway, this is not true for everyone. You may not have magic powers, but you can simulate pure magic with PDQ Deploy and PDQ Inventory. With those set up, your system could already be patching while you marvel at my mind powers.

Loading...

Jordan Hammond fun headshot
Jordan Hammond

Jordan had spent his life wondering why tasks he didn’t like to do had no options to complete themselves. Eventually he had to make that happen on his own. It turned out that he enjoyed making tasks complete themselves, and PDQ thought that is something he should talk about on the internet.

Related articles

Security green

What is attack surface management?

SECURITY

Illustration that shows logo of PDQ Connect

PDQ Connect announces custom fields

PRODUCT

Product connect

Inside look: How PDQ’s IT team uses Connect

PRODUCT