Patch Tuesday, December 2022
Today’s patch comes with fixes for six publicly exploited zero-day vulnerabilities and a total of 48 flaws. Where Seven flaws are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, 40 are rated as important and 1 rated as moderate. As per the release notes, the December 2022 patch fixed 16 Elevation of Privilege security issues, 2 security Feature Bypass Vulnerabilities, 23 Remote Code Execution bugs, 3 Information Disclosure vulnerabilities, 3 Denial of Service Vulnerabilities and 1 Spoofing Vulnerabilities.
Note – The above counts do not include twenty-five Microsoft Edge vulnerabilities fixed on 5th December 2022. Let’s take a closer look at some of the more interesting updates for this month,
Two zero-day vulnerabilities patched
CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability discovered by Will Dormann An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege Vulnerability discovered by Luka Pribanić. “Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.” CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability discovered by Microsoft Threat Intelligence Center (MSTIC). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
Update for windows client versions
The following client versions of Windows have known issues: Windows 7, Windows 8.1, Windows 10, Windows 11
Windows 7 (extended support only): 15 vulnerabilities: 3 critical and 11 important, 1 moderatePowerShell Remote Code Execution Vulnerability — CVE-2022-41076Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-44676Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability — CVE-2022-44670Windows 8.1: 20 vulnerabilities: 3 critical and 16 important, 1 moderateWindows 10: 26 vulnerabilities, 3 critical and 22 important, 1 moderateWindows 11: 25 vulnerabilities, 3 critical and 21 important, 1 moderate
Recent updates from other companies
Third-party vendors such as Citrix, Fortinet, Google, Cisco, and SAP have released updates since last month’s Patch Tuesday.
Cisco released security updates for Cisco IP Phone 7800 and 8800 phones.Citrix released security updates for a ‘Critical’ and actively exploited RCE flaw in Citrix ADA and Gateway.Fortinet released security updates for an actively exploits SSL-VPN vulnerability in FortiOS.Google released Android’s December security updates.SAP has released its December 2022 Patch Day updates.
Windows security updates December 2022
The 13 December 2022 (Patch Tuesday) windows security updates are the following:
KB5021255 (OS Build 22621.963) for the latest windows 11 version 22H2KB5021234 (OS Build 22000.1335) for the latest windows 11 version 21H2KB5021233 (OS Builds 19045.2364) for the latest windows 10 version 21H2KB5021237 (OS Build 17763.3770) for the latest Windows 10 version 1809Windows 7 and server 2008 R2 Monthly Rollup: KB5021291 and Security-Only: KB5021288Windows 8.1 and server 2012 R2 Monthly Rollup: KB5021294 and Security-only: KB5021296
All these updates only include minor patches and security fixes, rather than any new features. Note: Windows 11 was released with a number of new features and improvements as a free upgrade for eligible Windows 10 devices. Here is how to upgrade to windows 11 for free.
Windows 7
Both monthly and security-only updates
By order of the Fijian government, Fiji will not observe daylight saving time (DST) in 2022. Therefore, clocks do not change by an hour at 02:00 on November 13, 2022.A memory leak in the Local Security Authority Subsystem Service (LSASS.exe) occurs on Windows domain controllers. This issue is known to occur after installing Windows updates dated November 8, 2022, or later.
Windows 8.1 Both monthly and security-only updates, bring the same changelog as windows 7.
Fixed a memory leak in LSASS.exe (Local Security Authority Subsystem Service) on Windows domain controllers.Fiji won’t observe daylight saving time in 2022.
Windows 10
Includes unspecified “miscellaneous security improvements to internal OS functionality”.Plus, everything is listed here as part of the preview update.
Windows 11
This update addresses an issue that might affect Data Protection Application Programming Interface (DPAPI) decryption.addresses an issue that affects microphone streams that use the Listen To feature to route to the speaker endpoint. The microphone stops working after you restart the device. It addresses an issue that affects printing in landscape mode in Microsoft Edge.Fixed an issue that prevented some modern apps from starting.Improved the reliability of app installations on some Enterprise devices.Fixed an issue that prevented some customers from getting offline language packs.Fixed an issue that caused the microphone to stop working.Fixed an issue on devices on which Microsoft Defender is not the default antivirussolution. Microsoft Defender could not turn off passive mode in that scenario.Added the file extension .wcx to the list of dangerous extensions.Fixed a landscape printing mode issue in Microsoft Edge.Fixed an issue that caused File Explorer to stop working. Also, fixed a high CPU issue in file Explorer.Fixed an issue that caused certain apps to stop responding when using the Open File dialog.Fixed an issue that prevented the Windows Firewall service from starting.Fixed an issue that prevented the installation of cumulative updates.Addresses a known issue that affects the Input Method Editor (IME).
Microsoft Security update download
All these Windows 10 December 2022 Patch Tuesday updates are automatically downloaded and installed via windows update. Or you force Windows update from settings, update & security check for updates to install the latest patch updates immediately.
Windows 11 KB5021255 (Version 22H2) offline installer Direct Download Link 64-bit. Windows 11 KB5021234 (Version 21H2) offline installer Direct Download Link 64-bit. Windows 10 KB5021233 (For versions 21H2 and 21H1) Direct Download Links: 64-bit and 32-bit (x86). Windows 10 KB5021237 (for version 1809) Offline Download links
KB5021237 64-bit | DownloadKB5021237 32-bit | Download
If you are Looking for Windows 10 version 22H2 ISO image click here. Or Check How to Upgrade to Windows 10 version 22H2 Using the media creation tool If you face any difficulty while installing these updates, Check Windows 10 Update troubleshooting guide to fix the windows 10 Cumulative update KB5019959 stuck downloading, failed to install with different errors, etc. Note: New Windows Security Updates are available for Windows 7 and 8.1 as well, read the changelog here. What is Patch Tuesday?Patch Tuesday is the colloquial term for Microsoft’s Update Tuesday which falls on the second Tuesday of every month. When is Patch Tuesday?Patch Tuesday falls on the second Tuesday of each month. The upcoming Patch Tuesday is on January 10, 2023. What is patching and why is it important?Patches are nothing but pieces of software code that are written to fix a bug in a software application, that might lead to a vulnerability. What kind of patch updates are released during Patch Tuesday?Predominantly security patch updates of varying severity like Critical, Important, Moderate & Low are labeled and released. What are CVE IDs?CVE ID – Common Vulnerabilities and Exposure ID is a format in which each vulnerability is disclosed and cataloged in the National Vulnerability Database (NVD). Also Read
Complete Review of Microsoft Windows 10 Operating systemSolved: Microsoft edge not working after the windows 10 updatecan’t connect securely to this page ie11 or edge windows 10Windows 10 Stuck Preparing Automatic Repair? Here is how to fixEverything About IP (Internet Protocol) Address – Purpose to Benefits explained