Windows SmartScreen & DirectX Graphics Zero-day Flaw Let Attacker Gain Admin Privilege

In Cybersecurity News - Original News Source is by Blog Writer

Post Sharing

Microsoft releases a few patches in December normally, and this year is no exception. Microsoft Patch for December 2022, a total of 52 vulnerabilities in Microsoft Windows and Windows Components, Azure, Office and Office Components, SysInternals, Microsoft Edge (Chromium-based), SharePoint Server, and the.NET framework was fixed by security patches released on Tuesday. 

Twelve of these flaws were reported via the ZDI program. Six of the 52 new fixes that were issued today are classified as Critical, 43 as Important, and three as Moderate.

One of the new issues addressed this month is listed as publicly known at the time of release, and one is actively exploited.

CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability

Reports stated that this flaw, which has received a lot of discussion on the bird site, is probably connected to the Mark of the Web bug that was fixed last month. 

In this scenario, it might be possible to create a file that avoids Mark of the Web detection and thus bypass security precautions like Protected View in Microsoft Office.

Windows SmartScreen Security Feature Bypass Vulnerability which is exploited by creating malicious JavaScript files and is currently being exploited in the wild.

“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging”, reads the advisory published by the IT giant.

An attacker could exploit this flaw, 

  • In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass.
  • In an email or instant message attack scenario, the attacker could send the targeted user a specially crafted .url file that is designed to exploit the bypass.
  • Compromised websites or websites that accept or host user-provided content could contain specially crafted content to exploit the security feature bypass.

CVE-2022-44710 – DirectX Graphics Kernel elevation of privilege vulnerability

A DirectX Graphics Kernel elevation of privilege vulnerability identified as CVE-2022-44710 is another interesting problem fixed by Microsoft.

This vulnerability could lead to a contained execution environment escape. The successful exploitation of this vulnerability requires an attacker to win a race condition.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges”, according to the advisory

Microsoft was the second busiest in regard to overall activity in 2022, patching almost 900 CVEs. 

It is recommended to apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.

Penetration Testing As a Service – Download Red Team & Blue Team Workspace