Microsoft’s December 2022 Patch Tuesday Addresses 48 CVEs (CVE-2022-44698)

Post published on behalf of Ciarán Walsh

Microsoft patched 48 CVEs in the December 2022 Patch Tuesday update, including seven rated as critical, 40 rated as important and 1 rated as moderate. One of the vulnerabilities patched this month has been observed to be exploited in the wild. 

CVE-2022-44698 is a security feature bypass vulnerability affecting Windows Mark of the Web that has been exploited in the wild. Microsoft also patched CVE-2022-44681 , an elevation of privilege vulnerability affecting the Windows Print Spooler service. The vulnerability carries a CVSSv3 score of 7.8 and discovery was credited to the Qi'anxin Group. 

This month’s update includes patches for:

• .NET Framework
• Azure
• Client Server Run-time Subsystem (CSRSS)
• Microsoft Bluetooth Driver
• Microsoft Dynamics
• Microsoft Edge (Chromium-based)
• Microsoft Graphics Component
• Microsoft Office
• Microsoft Office OneNote
• Microsoft Office SharePoint
• Microsoft Office Visio
• Microsoft Windows Codecs Library
• Role: Windows Hyper-V
• SysInternals
• Windows Certificates
• Windows Contacts
• Windows DirectX
• Windows Error Reporting
• Windows Fax Compose Form
• Windows HTTP Print Provider
• Windows Kernel
• Windows PowerShell
• Windows Print Spooler Components
• Windows Projected File System
• Windows Secure Socket Tunneling Protocol (SSTP)
• Windows SmartScreen
• Windows Subsystem for Linux
• Windows Terminal

For more information about this month's Patch Tuesday release, including Tenable product coverage, please visit our blog.