52 CVEs got addressed through the December 2022 Patch Tuesday
Updated on October 4, 2023
Here we are, in December, and instead of receiving Christmas carols or gifts in our stockings, Microsoft is giving us another batch of security updates for the Windows operating system.
It’s the second Tuesday of the month, which means that Windows users are looking towards Microsoft in hopes that some of the flaws they’ve been struggling with will finally get fixed.
We’ve already provided the direct download links for the cumulative updates released today for Windows 7, 8.1, 10, and 11, but now it’s time to talk about Critical Vulnerabilities and Exposures again.
For December, Microsoft released 52 new patches, which is a lot more than some people were expecting right before we switch to 2023.
These software updates address CVEs in:
We got 52 new fixes in December 2022’s Patch Tuesday rollout
It’s safe to say that this was neither the busiest nor the lightest month for Redmond-based security experts, so we should be sort of glad.
You might like to know that, out of the 52 new CVEs released, 43 are rated Important, and three are rated Moderate in severity.
And, if you are looking for an overall picture of the year 2022, know that it was actually Microsoft’s second busiest year ever, with Microsoft fixing over 900 CVEs in total.
Out of all the vulnerabilities addressed this month, one of the new CVEs is listed as publicly known, and one is listed as being in the wild at the time of release.
You might want to remember that these types of bugs are often wrapped into some form of social engineering attack, such as convincing someone to open a file or click a link.
Let’s take a closer look at the full list of CVEs released by Microsoft for December 2022:
The PowerShell Remote Code Execution Vulnerability is nothing to take lightly. This Critical-rated bug could actually allow an authenticated user to escape the PowerShell Remoting Session Configuration and run unapproved commands on an affected system.
Malicious third parties often try to live off the land after an initial breach, which means that they use tools already on a system to maintain access and move throughout a network.
PowerShell is one such tool, so any bug that bypasses active restrictions is likely to be abused by unwanted guests.
As for the remaining Critical-rated fixes, there are two patches for the older Secure Socket Tunneling Protocol (SSTP).
According to Microsoft, both could allow a remote, unauthenticated threat actor to get code execution on an affected system by sending a specially crafted connection request to a server with the RAS Server role enabled.
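To see whether a given server falls into the configurations described above (PowerShell remoting session configurations, and SSTP on a host with the RAS Server role), the following triage script can be run in an elevated session. It is an added example, not code from Microsoft or from this article; the function names are hypothetical and `KB0000000` is a placeholder for the December 2022 update that applies to your build.

```powershell
# Added example. Run elevated on the host being assessed.
# Placeholder KB id: replace with the update(s) for your Windows build.
# A later cumulative update supersedes earlier ones, so list every KB you accept.
$PatchKb = @('KB0000000')

function Get-RasSstpExposure {
    # RemoteAccess = Routing and Remote Access service, SstpSvc = SSTP service.
    $svc = @{}
    foreach ($s in Get-Service -Name RemoteAccess, SstpSvc -ErrorAction SilentlyContinue) {
        $svc[$s.Name] = $s.Status
    }
    # Get-WindowsFeature ships with the ServerManager module (Windows Server only).
    $role = $null
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $role = Get-WindowsFeature -Name DirectAccess-VPN
    }
    # SSTP is carried over HTTPS, so a TCP 443 listener beside a running
    # Routing and Remote Access service is the network-reachable surface.
    $listen443 = Get-NetTCPConnection -State Listen -LocalPort 443 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        RasRoleInstalled = [bool]($role -and $role.Installed)
        RemoteAccessSvc  = $svc['RemoteAccess']
        SstpSvc          = $svc['SstpSvc']
        Tcp443Listening  = [bool]$listen443
    }
}

function Get-RemotingEndpointInventory {
    # Every remoting endpoint and who may connect to it. The session-configuration
    # bug needs an authenticated user, so Permission shows which accounts are in scope.
    # SessionType, LanguageMode and ConfigFilePath are empty for endpoints that
    # were not registered from a session configuration file.
    Get-PSSessionConfiguration |
        Select-Object Name, Permission, SessionType, LanguageMode, ConfigFilePath
}

function Get-PatchState {
    param([string[]]$Kb)
    foreach ($id in $Kb) {
        $hit = Get-HotFix -Id $id -ErrorAction SilentlyContinue
        [pscustomobject]@{ Kb = $id; Installed = [bool]$hit }
    }
}

Get-RasSstpExposure | Format-List
Get-RemotingEndpointInventory | Format-Table -AutoSize
Get-PatchState -Kb $PatchKb | Format-Table -AutoSize
```

Servers that report the RAS role installed with the service running, or that expose restricted remoting endpoints to a broad set of accounts, are the ones to patch first.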
There are 16 other remote code execution bugs getting fixes this December, packed along with 18 other patches addressing Elevation of Privilege (EoP) bugs.
Let’s also mention the one new advisory (ADV220005) this month, which provides additional guidance on third-party drivers that appear to be certified by the Microsoft Windows Hardware Developer Program.
The tech company stated that the drivers that appear to have been certified by this program have been seen in the wild in post-exploitation activity.
Have you found any other issues after installing this month’s security updates? Share your experience with us in the comments section below.
Madalina Dinita
Networking & Security Specialist