Patch Tuesday Webinar
Wednesday, December 14, 2022
Hosted by Chris Goettl and Todd Schell
Agenda
December 2022 Patch Tuesday Overview
In the News
Bulletins and Releases
Between Patch Tuesdays
Q & A
Overview
Copyright © 2022 Ivanti. All rights reserved.
December Patch Tuesday 2022
Twas the twelfth Patch Tuesday of 2022 and luckily there is only one Zero-day and a few updates to worry
about. Microsoft resolved CVE-2022-44698 in Windows SmartScreen along with 55 other CVEs, Mozilla
resolved 11 CVEs across three updates, and there are a number of recent threat actor activities to be
aware of this month.
In the News
• Google patches eighth zero-day exploit in Chrome this year
  • https://www.securityweek.com/google-patches-eighth-chrome-zero-day-2022
• Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones
  • https://techcrunch.com/2022/12/13/apple-zero-day-webkit-iphone/
  • https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in-attacks-against-iphones/
• Hackers exploit critical Citrix ADC and Gateway zero day, patch now
  • https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and-gateway-zero-day-patch-now/
Recent Threat Advisories
Ivanti Neurons for Risk-Based Vulnerability Management pulls from over 100 different sources of threat intelligence
data. There were four new advisories in the past couple weeks based on activities detected by CSW, which is one of
those many sources. Many of the CVEs have been exploited since the vulnerabilities were originally discovered and
updates were provided. Our guidance is to investigate each of these advisories to ensure you have mitigated or
remediated each of them to reduce risk to your environments:
• November 28th Threat Advisory - "Windows Internet Key Exchange (IKE) Remote Code Execution Vulnerability exploited in the wild," targeting CVE-2022-34721, which was resolved in the September 2022 Patch Tuesday release. Originally the CVE was not known to be exploited, but according to the advisory there is activity in at least one campaign, referred to as "bleed you," targeting 1000+ systems still exposed by this vulnerability.
• December 1st Threat Advisory - "North Korea Hackers Using New 'Dolphin' Backdoor to Spy on South Korean Targets." Researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group (aka APT37). The backdoor, referred to as Dolphin, includes a wide range of spying tools to capture data and credentials and to exfiltrate the stolen information. The recent campaign is targeting a pair of older CVEs (CVE-2021-26411, CVE-2020-1380) that are still exposed on systems.
Recent Threat Advisories Cont.
• December 8th Threat Advisory - "Internet Explorer 0-day exploited by North Korean actor APT37 aka ScarCruft." Also from APT37, this advisory warns of continued activity around the IE zero-day CVE-2022-41128 resolved in November, CVE-2021-26411, and CVE-2020-1380. All three were confirmed zero-day vulnerabilities when they were first resolved.
• December 8th Threat Advisory - "Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities." The botnet is targeting 17 CVEs across a variety of IoT devices from routers to cameras, firewalls, NAS devices and more. The full list can be found in the Fortinet blog post; it ranges from eight more recent 2022 CVEs back to a really old 2014 CVE.
• Guidance on Microsoft Signed Drivers Being Used Maliciously
  • Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no compromise has been identified. We’ve suspended the partners' seller accounts and implemented blocking detections to help protect customers from this threat.
  • https://msrc.microsoft.com/update-guide/vulnerability/ADV220005
Downloadable Assets
• Security Insights [Podcast]: https://ivantiinsights.buzzsprout.com/
  • Next episode will be coming soon! We wanted to call it "Quit Yer Bitchin': No such thing as a perfect disclosure policy", but that got shot down. So it will be "Prisoner Priorities: Why Disclosure Policies Can't Please Everyone" or something like that.
• Press Reset: A 2023 Cybersecurity Status Report [PDF]: https://www.ivanti.com/lp/security/assets/s1/2023-cybersecurity-status-report
  • https://www.businesswire.com/news/home/20221212005614/en/One-in-Five-Security-Professionals-Won%E2%80%99t-Bet-a-Chocolate-Bar-They-Could-Prevent-a-Damaging-Breach
• 2023 Cybersecurity Strategy Tool Kit for Internal Buy-In [PDF]: https://www.ivanti.com/resources/v/doc/ebooks/ivi-2702-cybersecurity-tool-kit-internal-buy-in-budget-influence-non-infosec
• The Ultimate Guide to Risk-based Patch Management [PDF]: https://www.ivanti.com/resources/v/doc/ebooks/ivi-2705-ultimate-guide-to-risk-based-patch-management-ebook
Known Exploited Vulnerabilities
• CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability
  • CVSS 3.1 Scores: 5.4 / 5.0
  • Severity: Moderate
  • Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022
Publicly Disclosed Vulnerabilities
• CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability
  • CVSS 3.1 Scores: 3.3 / 2.9
  • Severity: Important
  • Office 2019 for Mac, Microsoft Office LTSC for Mac 2021
  • Re-issue from original back in October 2022
• CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability
  • CVSS 3.1 Scores: 7.8 / 6.8
  • Severity: Important
  • Windows 11 Version 22H2 for x64-based Systems
  • Re-issue from original back in October 2022
Microsoft Patch Tuesday Updates of Interest
• Advisory 990001 Latest Servicing Stack Updates (SSU)
  • https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
  • No stand-alone servicing stack updates this month
• Azure and Development Tool Updates
  • .NET Core 3.1
  • .NET 6.0
  • .NET 7.0
  • Azure Network Watcher VM Extension
  • PowerShell 7.2
  • Visual Studio 2019 version 16.11
  • Visual Studio 2022 (multiple)
  • Windows Subsystem for Linux (WSL2)
Server 2012/2012 R2 EOL is Coming
• Lifecycle Fact Sheet
  • https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
Source: Microsoft
Windows 10 and 11 Lifecycle Awareness
Windows 10 Enterprise and Education
Version    Release Date    End of Support Date
22H2       10/18/2022      5/13/2025
21H2       11/16/2021      6/11/2024
21H1       5/18/2021       12/13/2022
20H2       10/20/2020      5/9/2023

Windows 10 Home and Pro
Version    Release Date    End of Support Date
22H2       10/18/2022      5/14/2024
21H2       11/16/2021      6/13/2023
21H1       5/18/2021       12/13/2022

Windows Server
Version    Release Date    End of Support Date
2019       11/13/2019      1/9/2024
2022       8/18/2021       10/13/2026

Windows 11 Home and Pro
Version    Release Date    End of Support Date
22H2       9/20/2022       10/8/2024
21H2       10/4/2021       10/10/2023
Patch Content Announcements
• Announcements Posted on Community Forum Pages
  • https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
  • Subscribe to receive email for the desired product(s)
Bulletins and Releases
MFSA-2022-51: Security Update Firefox 108
• Maximum Severity: Critical (High)
• Affected Products: Security Update Firefox
• Description: This update from Mozilla addresses critical vulnerabilities in the Firefox browser on multiple platforms.
• Impact: Remote Code Execution, Security Feature Bypass, Spoofing and Information Disclosure
• Fixes 8 Vulnerabilities: CVE-2022-46871, CVE-2022-46872, CVE-2022-46873, CVE-2022-46874, CVE-2022-46875, CVE-2022-46877, CVE-2022-46878, CVE-2022-46879
• Restart Required: Requires application restart
• Known Issues: None
MFSA-2022-52: Security Update Firefox ESR 102.6
• Maximum Severity: Critical (High)
• Affected Products: Security Update Firefox ESR
• Description: This update from Mozilla addresses critical vulnerabilities in the Firefox browser on multiple platforms.
• Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
• Fixes 7 Vulnerabilities: CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
• Restart Required: Requires application restart
• Known Issues: None
MFSA-2022-53: Security Update for Thunderbird 102.6
• Maximum Severity: Critical (High)
• Affected Products: Security Update Thunderbird
• Description: This update from Mozilla addresses critical vulnerabilities in the Thunderbird email program on multiple platforms.
• Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
• Fixes 7 Vulnerabilities: CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
• Restart Required: Requires application restart
• Known Issues: None
MS22-12-W11: Windows 11 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
• Description: This bulletin references KB 5021234 (21H2) and KB 5021255 (22H2).
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 26 Vulnerabilities: CVE-2022-44698 is known exploited. CVE-2022-44710 is known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
December Known Issues for Windows 11
• KB 5021234 – Windows 11 version 21H2
  • [Direct Access] After you install this or later updates, you might be unable to reconnect to Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points. Workaround: This issue is resolved using Known Issue Rollback (KIR). Enterprise-managed devices that have installed an affected update and encountered this issue can be resolved by installing and configuring a special Group Policy. See KB for details.
  • [SQL Connect] After installing this update, apps that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Workaround: None. Microsoft is working on a resolution.
December Known Issues for Windows 11 (cont)
• KB 5021255 – Windows 11 version 22H2
  • [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
  • [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
  • [Direct Access]
  • [SQL Connect]
MS22-12-W10: Windows 10 Update
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
• Description: This bulletin references 5 KB articles. See KBs for the list of changes.
• Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 26 Vulnerabilities: CVE-2022-44698 is known exploited. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
December Known Issues for Windows 10
• KB 5021243 – Windows 10
  • [SQL Connect]
• KB 5021235 – Windows 10 version 1607, Server 2016
  • [SQL Connect]
• KB 5021237 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
  • [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
  • [SQL Connect]
December Known Issues for Windows 10 (cont)
• KB 5021233 – Windows 10 Enterprise and Education version 20H2, Windows 10 IoT Enterprise version 20H2, Windows 10 on Surface Hub, Windows 10 version 21H1, Windows 10 version 21H2, Windows 10 version 22H2
  • [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.
  • [SQL Connect]
MS22-12-MR2K8-ESU: Monthly Rollup for Windows Server 2008
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2008 and IE 9
• Description: This cumulative security update contains improvements that are part of update KB 5020019 (released November 8, 2022) and update KB 5021657 (released November 17, 2022). Bulletin is based on KB 5021289.
• Impact: Remote Code Execution, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 12 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See next slide
December Known Issues for Server 2008
• KB 5021289 – Windows Server 2008 (Monthly Rollup)
  • [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and is evaluating whether optimizations can be made in a future Windows Update.
  • [SQL Connect]
• KB 5021293 – Windows Server 2008 (Security-only Update)
  • [Domain Join]
  • [SQL Connect]
MS22-12-SO2K8-ESU: Security-only Update for Windows Server 2008
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2008
• Description: Bulletin is based on KB 5021293.
• Impact: Remote Code Execution, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 12 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: See previous slide
MS22-12-MR7-ESU: Monthly Rollup for Win 7
MS22-12-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
• Description: This cumulative security update contains improvements that are part of update KB 5020000 (released November 8, 2022) and update KB 5021651 (released November 17, 2022). Bulletin is based on KB 5021291.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 15 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
MS22-12-SO7-ESU: Security-only Update for Win 7
MS22-12-SO2K8R2-ESU: Security-only Update for Server 2008 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 7 and Server 2008 R2
• Description: Bulletin is based on KB 5021288.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 15 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
MS22-12-MR8: Monthly Rollup for Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012 and IE
• Description: This cumulative security update contains improvements that are part of update KB 5020009 (released November 8, 2022) and update KB 5021652 (released November 17, 2022). Bulletin is based on KB 5021285.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 19 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
MS22-12-SO8: Security-only Update for Windows Server 2012
• Maximum Severity: Critical
• Affected Products: Microsoft Windows Server 2012
• Description: Bulletin is based on KB 5021303.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 19 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
MS22-12-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
• Description: This cumulative security update includes improvements that are part of update KB 5020023 (released November 8, 2022) and update KB 5021653 (released November 17, 2022). Bulletin is based on KB 5021294.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 20 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-12-SO81: Security-only Update for Win 8.1 and Server 2012 R2
• Maximum Severity: Critical
• Affected Products: Microsoft Windows 8.1, Server 2012 R2
• Description: Bulletin is based on KB 5021296.
• Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
• Fixes 20 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
• Restart Required: Requires restart
• Known Issues: [Domain Join] and [SQL Connect]
NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
MS22-12-SPT: Security Updates for SharePoint Server
• Maximum Severity: Critical
• Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
• Description: This security update resolves 2 Microsoft SharePoint Server remote code execution vulnerabilities. This bulletin is based on 5 KB articles.
• Impact: Remote Code Execution
• Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-44693 and CVE-2022-44690 are fixed in this release.
• Restart Required: Requires restart
• Known Issues: None reported
MS22-12-OFF: Security Updates for Microsoft Office
• Maximum Severity: Important
• Affected Products: Office 2019 for Mac, Office 2021 LTSC for Mac, and Visio 2013 & 2016
• Description: This security update resolves several issues in the Microsoft Office suite of products. This bulletin references 5 KB articles and release notes.
• Impact: Remote Code Execution and Spoofing
• Fixes 3 Vulnerabilities: CVE-2022-44692, CVE-2022-44695, and CVE-2022-44713 were addressed in this KB. CVE-2022-41043 is publicly disclosed. See the Security Update Guide for the complete description.
• Restart Required: Requires application restart
• Known Issues: None reported
MS22-12-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
• Maximum Severity: Important
• Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
• Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
• Impact: Remote Code Execution
• Fixes 11 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited.
• Restart Required: Requires application restart
• Known Issues: None reported
MS22-12-MRNET: Monthly Rollup for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
• Description: This security update addresses a vulnerability where restricted mode is triggered for the parsing of XPS files, preventing gadget chains which could allow remote code execution on an affected system. This bulletin references 19 KB articles.
• Impact: Remote Code Execution
• Fixes 1 Vulnerability: CVE-2022-41089 is not publicly disclosed or known exploited.
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
• Known Issues: None reported
MS22-12-SONET: Security-only Update for Microsoft .NET
• Maximum Severity: Important
• Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
• Description: This security update addresses a vulnerability where restricted mode is triggered for the parsing of XPS files, preventing gadget chains which could allow remote code execution on an affected system. This bulletin references 19 KB articles.
• Impact: Remote Code Execution
• Fixes 1 Vulnerability: CVE-2022-41089 is not publicly disclosed or known exploited.
• Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
• Known Issues: None reported
Between Patch Tuesdays
Release Summary
• Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (1), Thunderbird (2), VLC Media Player (1), VMware Tools (1), Zoom Client (1)
• Security (w/o CVEs): Adobe Acrobat and Reader 2022 Classic (1), Adobe Acrobat DC and Acrobat Reader DC (1), Box Edit (1), CCleaner (1), Google Chrome (1), Falcon Sensor for Windows (4), Citrix Workspace App LTSR (1), Docker for Windows (2), Dropbox (1), Evernote (2), Firefox (1), FileZilla Client (1), GoodSync (2), Google Earth Pro (1), IrfanView (1), Jabra Direct (1), LibreOffice (1), LogMeIn (1), Malwarebytes (1), Node.JS (Current) (2), Opera (4), VirtualBox (1), Skype (1), Slack Machine-Wide Installer (1), Snagit (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Wireshark (2)
• Non-Security Updates: AIMP (2), Amazon WorkSpaces (1), Camtasia (2), Google Drive File Stream (1), GeoGebra Classic (2), Inkscape (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), PSPad (1), Python (3), RingCentral App (Machine-Wide Installer) (2), Rocket.Chat Desktop Client (1), ScreenPresso (1), TreeSize Free (1), Cisco WebEx Teams (1), WeCom (1)
Third Party CVE Information
• Google Chrome 107.0.5304.122
  • CHROME-221125, QGC10705304122
  • Fixes 1 Vulnerability: CVE-2022-4135
• Google Chrome 108.0.5359.72
  • CHROME-221130, QGC1080535972
  • Fixes 22 Vulnerabilities: CVE-2022-4174, CVE-2022-4175, CVE-2022-4176, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4182, CVE-2022-4183, CVE-2022-4184, CVE-2022-4185, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4191, CVE-2022-4192, CVE-2022-4193, CVE-2022-4194, CVE-2022-4195
• Google Chrome 108.0.5359.95
  • CHROME-221202, QGC1080535995
  • Fixes 1 Vulnerability: CVE-2022-4262
Third Party CVE Information (cont)
• Firefox 107.0
  • FF-221115, QFF1070
  • Fixes 19 Vulnerabilities: CVE-2022-40674, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416, CVE-2022-45417, CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421
• Firefox ESR 102.5.0
  • FFE-221115, QFFE10250
  • Fixes 13 Vulnerabilities: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
Third Party CVE Information (cont)
• Thunderbird 102.5.0
  • TB-221115, QTB10250
  • Fixes 13 Vulnerabilities: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
• Thunderbird 102.5.1
  • TB-221130, QTB10251
  • Fixes 1 Vulnerability: CVE-2022-45414
• Zoom Client 5.12.9.10650
  • ZOOM-221128, QZOOM51210650
  • Fixes 1 Vulnerability: CVE-2022-36924
Third Party CVE Information (cont)
• VLC Media Player 3.0.18
  • VLC-221129, QVLC3018 & QVLC3018MSI
  • Fixes 1 Vulnerability: CVE-2022-41325
• VMware Tools 12.1.5
  • VMWT12-221130, QVMWT1215
  • Fixes 1 Vulnerability: CVE-2022-31693
Q & A
Thank You!

More Related Content

2022 December Patch Tuesday

  • 1. Patch Tuesday Webinar Wednesday, December 14, 2022 Hosted by Chris Goettl and Todd Schell
  • 2. Agenda December 2022 Patch Tuesday Overview In the News Bulletins and Releases Between Patch Tuesdays Q & A
  • 4. Copyright © 2022 Ivanti. All rights reserved. December Patch Tuesday 2022 Twas the twelfth Patch Tuesday of 2022 and luckily there is only one Zero-day and a few updates to worry about. Microsoft resolved CVE-2022-44698 in Windows SmartScreen along with 55 other CVEs, Mozilla resolved 11 CVEs across three updates, and there are a number of recent threat actor activities to be aware of this month.
  • 6. Copyright © 2022 Ivanti. All rights reserved. In the News  Google patches eighth zero-day exploit in Chrome this year  https://www.securityweek.com/google-patches-eighth-chrome-zero-day-2022  Apple fixes ‘actively exploited’ zero-day security vulnerability affecting most iPhones  https://techcrunch.com/2022/12/13/apple-zero-day-webkit-iphone/  https://www.bleepingcomputer.com/news/apple/apple-fixes-new-webkit-zero-day-used-in- attacks-against-iphones/  Hackers exploit critical Citrix ADC and Gateway zero day, patch now  https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-citrix-adc-and- gateway-zero-day-patch-now/
  • 7. Copyright © 2022 Ivanti. All rights reserved. Recent Threat Advisories Ivanti Neurons for Risk-Based Vulnerability Management pulls from over 100 different sources of threat intelligence data. There were four new advisories in the past couple weeks based on activities detected by CSW, which is one of those many sources. Many of the CVEs have been exploited since the vulnerabilities were originally discovered and updates were provided. Our guidance is to investigate each of these advisories to ensure you have mitigated or remediated each of them to reduce risk to your environments:  November 28th Threat Advisory - "Windows Internet Key Exchange (IKE) Remote Code Execution Vulnerability exploited in the wild targeting CVE-2022-34721, which was resolved in the September 2022 Patch Tuesday release. Originally the CVE was not known to be exploited, but according to the advisory there is activity in at least one campaign referred to as “bleed you” targeting 1000+ systems still exposed by this vulnerability.  December 1st Threat Advisory - "North Korea Hackers Using New "Dolphin" Backdoor to Spy on South Korean Targets." Researchers have analyzed a previously unreported backdoor used by the ScarCruft APT group (aka APT37). The backdoor, referred to as Dolphin, includes a wide range of spying tools to capture data, credentials and exfiltrate the stolen information. The recent campaign is targeting a pair of older CVEs (CVE-2021-26411, CVE-2020-1380) that are still exposed on systems.
  • 8. Copyright © 2022 Ivanti. All rights reserved. Recent Threat Advisories Cont.  December 8th Threat Advisory - "Internet Explorer 0-day exploited by North Korean actor APT37 aka ScarCruft." Also from APT37, this advisory is warning of continued activity around the IE Zero-Day CVE-2022-41128 resolved in November, CVE-2021-26411, and CVE-2020-1380. All three were confirmed Zero Day vulnerabilities when they were first resolved.  December 8th Threat Advisory - "Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities.” The botnet is targeting 17 CVEs across a variety of IoT devices from routers to cameras, firewalls, NAS devices and more. The full list can be found in the Fortinet blog post, but the list dates from eight more recent 2022 CVEs to a really old 2014 CVE.  Guidance on Microsoft Signed Drivers Being Used Maliciously  Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program were being used maliciously in post-exploitation activity. Microsoft has completed its investigation and determined that the activity was limited to the abuse of several developer program accounts and that no compromise has been identified. We’ve suspended the partners' seller accounts and implemented blocking detections to help protect customers from this threat.  https://msrc.microsoft.com/update-guide/vulnerability/ADV220005
  • 9. Copyright © 2022 Ivanti. All rights reserved. Downloadable Assets  Security Insights [Podcast]: https://ivantiinsights.buzzsprout.com/  Next episode will be coming soon! We wanted to call it "Quit Yer Bitchin': No such thing as a perfect disclosure policy“, but that got shot down. So it will be "Prisoner Priorities: Why Disclosure Polices Can't Please Everyone“ or something like that.  Press Reset: A 2023 Cybersecurity Status Report [PDF]: https://www.ivanti.com/lp/security/assets/s1/2023- cybersecurity-status-report  https://www.businesswire.com/news/home/20221212005614/en/One-in-Five-Security-Professionals- Won%E2%80%99t-Bet-a-Chocolate-Bar-They-Could-Prevent-a-Damaging-Breach  2023 Cybersecurity Strategy Tool Kit for Internal Buy-In [PDF]: https://www.ivanti.com/resources/v/doc/ebooks/ivi-2702-cybersecurity-tool-kit-internal-buy-in-budget- influence-non-infosec  The Ultimate Guide to Risk-based Patch Management [PDF]: https://www.ivanti.com/resources/v/doc/ebooks/ivi-2705-ultimate-guide-to-risk-based-patch- management-ebook
  • 10. Known Exploited Vulnerabilities
      - CVE-2022-44698 Windows SmartScreen Security Feature Bypass Vulnerability
          - CVSS 3.1 Scores: 5.4 / 5.0
          - Severity: Moderate
          - Windows 10, Windows 11, Server 2016, Server 2019, and Server 2022
  • 11. Publicly Disclosed Vulnerabilities
      - CVE-2022-41043 Microsoft Office Information Disclosure Vulnerability
          - CVSS 3.1 Scores: 3.3 / 2.9
          - Severity: Important
          - Office 2019 for Mac, Microsoft Office LTSC for Mac 2021
          - Re-issue from original back in October 2022
      - CVE-2022-44710 DirectX Graphics Kernel Elevation of Privilege Vulnerability
          - CVSS 3.1 Scores: 7.8 / 6.8
          - Severity: Important
          - Windows 11 Version 22H2 for x64-based Systems
          - Re-issue from original back in October 2022
  • 12. Microsoft Patch Tuesday Updates of Interest
      - Advisory 990001 Latest Servicing Stack Updates (SSU)
          - https://msrc.microsoft.com/update-guide/en-US/vulnerability/ADV990001
          - No stand-alone servicing stack updates this month
      - Azure and Development Tool Updates
          - .NET Core 3.1
          - .NET 6.0
          - .NET 7.0
          - Azure Network Watcher VM Extension
          - PowerShell 7.2
          - Visual Studio 2019 version 16.11
          - Visual Studio 2022 (multiple)
          - Windows Subsystem for Linux (WSL2)
  • 13. Server 2012/2012 R2 EOL is Coming
      - Lifecycle Fact Sheet
          - https://docs.microsoft.com/en-us/lifecycle/products/windows-server-2012-r2
      Source: Microsoft
  • 14. Windows 10 and 11 Lifecycle Awareness

      Windows 10 Enterprise and Education
      | Version | Release Date | End of Support Date |
      |---|---|---|
      | 22H2 | 10/18/2022 | 5/13/2025 |
      | 21H2 | 11/16/2021 | 6/11/2024 |
      | 21H1 | 5/18/2021 | 12/13/2022 |
      | 20H2 | 10/20/2020 | 5/9/2023 |

      Windows 10 Home and Pro
      | Version | Release Date | End of Support Date |
      |---|---|---|
      | 22H2 | 10/18/2022 | 5/14/2024 |
      | 21H2 | 11/16/2021 | 6/13/2023 |
      | 21H1 | 5/18/2021 | 12/13/2022 |

      Windows Server
      | Version | Release Date | End of Support Date |
      |---|---|---|
      | 2019 | 11/13/2019 | 1/9/2024 |
      | 2022 | 8/18/2021 | 10/13/2026 |

      Windows 11 Home and Pro
      | Version | Release Date | End of Support Date |
      |---|---|---|
      | 22H2 | 9/20/2022 | 10/8/2024 |
      | 21H2 | 10/4/2021 | 10/10/2023 |
  • 15. Patch Content Announcements
      - Announcements Posted on Community Forum Pages
          - https://forums.ivanti.com/s/group/CollaborationGroup/00Ba0000009oKICEA2
          - Subscribe to receive email for the desired product(s)
  • 17. MFSA-2022-51: Security Update Firefox 108
      - Maximum Severity: Critical (High)
      - Affected Products: Security Update Firefox
      - Description: This update from Mozilla addresses critical vulnerabilities in the Firefox browser on multiple platforms.
      - Impact: Remote Code Execution, Security Feature Bypass, Spoofing and Information Disclosure
      - Fixes 8 Vulnerabilities: CVE-2022-46871, CVE-2022-46872, CVE-2022-46873, CVE-2022-46874, CVE-2022-46875, CVE-2022-46877, CVE-2022-46878, CVE-2022-46879
      - Restart Required: Requires application restart
      - Known Issues: None
  • 18. MFSA-2022-52: Security Update Firefox ESR 102.6
      - Maximum Severity: Critical (High)
      - Affected Products: Security Update Firefox ESR
      - Description: This update from Mozilla addresses critical vulnerabilities in the Firefox browser on multiple platforms.
      - Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
      - Fixes 7 Vulnerabilities: CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
      - Restart Required: Requires application restart
      - Known Issues: None
  • 19. MFSA-2022-53: Security Update for Thunderbird 102.6
      - Maximum Severity: Critical (High)
      - Affected Products: Security Update Thunderbird
      - Description: This update from Mozilla addresses critical vulnerabilities in the Thunderbird email program on multiple platforms.
      - Impact: Remote Code Execution, Security Feature Bypass and Information Disclosure
      - Fixes 7 Vulnerabilities: CVE-2022-46872, CVE-2022-46874, CVE-2022-46875, CVE-2022-46878, CVE-2022-46880, CVE-2022-46881, CVE-2022-46882
      - Restart Required: Requires application restart
      - Known Issues: None
  • 20. MS22-12-W11: Windows 11 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 11 Version 21H2, 22H2, and Edge Chromium
      - Description: This bulletin references KB 5021234 (21H2) and KB 5021255 (22H2).
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-44698 is known exploited. CVE-2022-44710 is known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 21. December Known Issues for Windows 11
      - KB 5021234 – Windows 11 version 21H2
          - [Direct Access] After you install this or later updates, you might be unable to reconnect to Direct Access after temporarily losing network connectivity or transitioning between Wi-Fi networks or access points. Workaround: This issue is resolved using Known Issue Rollback (KIR). Enterprise-managed devices that have installed an affected update and encountered this issue can resolve it by installing and configuring a special Group Policy. See KB for details.
          - [SQL Connect] After installing this update, apps that use ODBC connections through Microsoft ODBC SQL Server Driver (sqlsrv32.dll) to access databases might not connect. Workaround: None. Microsoft is working on a resolution.
  • 22. December Known Issues for Windows 11 (cont)
      - KB 5021255 – Windows 11 version 22H2
          - [Provision] Using provisioning packages on Windows 11, version 22H2 (also called Windows 11 2022 Update) might not work as expected. Windows might only be partially configured, and the Out Of Box Experience might not finish or might restart unexpectedly. Workaround: Provision before updating to 22H2. Microsoft is working on a resolution.
          - [Slow Copy] Copying large multiple gigabyte (GB) files might take longer than expected to finish on Windows 11, version 22H2. Workaround: Use file copy tools that do not use cache manager (buffered I/O). See KB for multiple mitigations. Microsoft is working on a resolution.
          - [Direct Access]
          - [SQL Connect]
  • 23. MS22-12-W10: Windows 10 Update
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 10 Versions 1607, 1809, 20H2, 21H1, 21H2, Server 2016, Server 2019, Server 2022, Server 2022 Datacenter: Azure Edition and Edge Chromium
      - Description: This bulletin references 5 KB articles. See KBs for the list of changes.
      - Impact: Remote Code Execution, Security Feature Bypass, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 26 Vulnerabilities: CVE-2022-44698 is known exploited. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 24. December Known Issues for Windows 10
      - KB 5021243 – Windows 10
          - [SQL Connect]
      - KB 5021235 – Windows 10 version 1607, Server 2016
          - [SQL Connect]
      - KB 5021237 – Windows 10 Enterprise 2019 LTSC, Windows 10 IoT Enterprise 2019 LTSC, Windows 10 IoT Core 2019 LTSC, Windows Server 2019
          - [Cluster Update] After installing KB 5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found. Workaround: This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. For more information about the specific errors, cause, and workaround for this issue, please see KB 5003571.
          - [SQL Connect]
  • 25. December Known Issues for Windows 10 (cont)
      - KB 5021233 – Windows 10 Enterprise and Education version 20H2, Windows 10 IoT Enterprise version 20H2, Windows 10 on Surface Hub, Windows 10 version 21H1, Windows 10 version 21H2, Windows 10 version 22H2
          - [Edge Removed] Devices with Windows installations created from custom offline media or custom ISO image might have Microsoft Edge Legacy removed by this update, but not automatically replaced by the new Microsoft Edge. Devices that connect directly to Windows Update to receive updates are not affected. Workaround: Slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. Or install Microsoft Edge if you have encountered affected media. See KB for details.
          - [SQL Connect]
  • 26. MS22-12-MR2K8-ESU: Monthly Rollup for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008 and IE 9
      - Description: This cumulative security update contains improvements that are part of update KB 5020019 (released November 8, 2022) and update KB 5021657 (released November 17, 2022). Bulletin is based on KB 5021289.
      - Impact: Remote Code Execution, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 12 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See next slide
  • 27. December Known Issues for Server 2008
      - KB 5021289 – Windows Server 2008 (Monthly Rollup)
          - [Domain Join] After this update or a later Windows update is installed, domain join operations might be unsuccessful and error "0xaac (2732): NERR_AccountReuseBlockedByPolicy" occurs. Additionally, text stating "An account with the same name exists in Active Directory. Re-using the account was blocked by security policy" might be displayed. Workaround: Microsoft has added guidance to KB 5020276 and is evaluating whether optimizations can be made in a future Windows Update.
          - [SQL Connect]
      - KB 5021293 – Windows Server 2008 (Security-only Update)
          - [Domain Join]
          - [SQL Connect]
  • 28. MS22-12-SO2K8-ESU: Security-only Update for Windows Server 2008
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2008
      - Description: Bulletin is based on KB 5021293.
      - Impact: Remote Code Execution, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 12 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: See previous slide
  • 29. MS22-12-MR7-ESU: Monthly Rollup for Win 7; MS22-12-MR2K8R2-ESU: Monthly Rollup for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7, Server 2008 R2, and IE 11
      - Description: This cumulative security update contains improvements that are part of update KB 5020000 (released November 8, 2022) and update KB 5021651 (released November 17, 2022). Bulletin is based on KB 5021291.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 15 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
  • 30. MS22-12-SO7-ESU: Security-only Update for Win 7; MS22-12-SO2K8R2-ESU: Security-only Update for Server 2008 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 7 and Server 2008 R2
      - Description: Bulletin is based on KB 5021288.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 15 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
  • 31. MS22-12-MR8: Monthly Rollup for Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012 and IE
      - Description: This cumulative security update contains improvements that are part of update KB 5020009 (released November 8, 2022) and update KB 5021652 (released November 17, 2022). Bulletin is based on KB 5021285.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 19 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
  • 32. MS22-12-SO8: Security-only Update for Windows Server 2012
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows Server 2012
      - Description: Bulletin is based on KB 5021303.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 19 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
  • 33. MS22-12-MR81: Monthly Rollup for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2, and IE
      - Description: This cumulative security update includes improvements that are part of update KB 5020023 (released November 8, 2022) and update KB 5021653 (released November 17, 2022). Bulletin is based on KB 5021294.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 20 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
      NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 34. MS22-12-SO81: Security-only Update for Win 8.1 and Server 2012 R2
      - Maximum Severity: Critical
      - Affected Products: Microsoft Windows 8.1, Server 2012 R2
      - Description: Bulletin is based on KB 5021296.
      - Impact: Remote Code Execution, Denial of Service, Defense in Depth, Elevation of Privilege, Information Disclosure
      - Fixes 20 Vulnerabilities: No vulnerabilities were known exploited or publicly disclosed. See the Security Update Guide for the complete list of CVEs.
      - Restart Required: Requires restart
      - Known Issues: [Domain Join] and [SQL Connect]
      NOTE: Microsoft displays a dialog box to remind users about the EOS for Windows 8.1 in January 2023.
  • 35. MS22-12-SPT: Security Updates for SharePoint Server
      - Maximum Severity: Critical
      - Affected Products: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Foundation Server 2013, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2016, and SharePoint Server 2019
      - Description: This security update resolves 2 Microsoft SharePoint Server remote code execution vulnerabilities. This bulletin is based on 5 KB articles.
      - Impact: Remote Code Execution
      - Fixes 2 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited. CVE-2022-44693 and CVE-2022-44690 are fixed in this release.
      - Restart Required: Requires restart
      - Known Issues: None reported
  • 36. MS22-12-OFF: Security Updates for Microsoft Office
      - Maximum Severity: Important
      - Affected Products: Office 2019 for Mac, Office 2021 LTSC for Mac, and Visio 2013 & 2016
      - Description: This security update resolves several issues in the Microsoft Office suite of products. This bulletin references 5 KB articles and release notes.
      - Impact: Remote Code Execution and Spoofing
      - Fixes 3 Vulnerabilities: CVE-2022-44692, CVE-2022-44695, and CVE-2022-44713 were addressed in this KB. CVE-2022-41043 is publicly disclosed. See the Security Update Guide for the complete description.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 37. MS22-12-O365: Security Updates Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Maximum Severity: Important
      - Affected Products: Microsoft 365 Apps, Office 2019 and Office LTSC 2021
      - Description: This month’s update resolved various bugs and performance issues in Office applications. Information on the security updates is available at https://docs.microsoft.com/en-us/officeupdates/microsoft365-apps-security-updates.
      - Impact: Remote Code Execution
      - Fixes 11 Vulnerabilities: No vulnerabilities are publicly disclosed or known exploited.
      - Restart Required: Requires application restart
      - Known Issues: None reported
  • 38. MS22-12-MRNET: Monthly Rollup for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
      - Description: This security update addresses a vulnerability where restricted mode is triggered for the parsing of XPS files, preventing gadget chains which could allow remote code execution on an affected system. This bulletin references 19 KB articles.
      - Impact: Remote Code Execution
      - Fixes 1 Vulnerability: CVE-2022-41089 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 39. MS22-12-SONET: Security-only Update for Microsoft .NET
      - Maximum Severity: Important
      - Affected Products: Microsoft Windows .NET Framework 2.0 through 4.8.1
      - Description: This security update addresses a vulnerability where restricted mode is triggered for the parsing of XPS files, preventing gadget chains which could allow remote code execution on an affected system. This bulletin references 19 KB articles.
      - Impact: Remote Code Execution
      - Fixes 1 Vulnerability: CVE-2022-41089 is not publicly disclosed or known exploited.
      - Restart Required: Does not require a system restart after you apply it unless files that are being updated are locked or are being used.
      - Known Issues: None reported
  • 41. Release Summary
      - Security Updates (with CVEs): Google Chrome (3), Firefox (1), Firefox ESR (1), Thunderbird (2), VLC Media Player (1), VMware Tools (1), Zoom Client (1)
      - Security (w/o CVEs): Adobe Acrobat and Reader 2022 Classic (1), Adobe Acrobat DC and Acrobat Reader DC (1), Box Edit (1), CCleaner (1), Google Chrome (1), Falcon Sensor for Windows (4), Citrix Workspace App LTSR (1), Docker for Windows (2), Dropbox (1), Evernote (2), Firefox (1), FileZilla Client (1), GoodSync (2), Google Earth Pro (1), IrfanView (1), Jabra Direct (1), LibreOffice (1), LogMeIn (1), Malwarebytes (1), Node.JS (Current) (2), Opera (4), VirtualBox (1), Skype (1), Slack Machine-Wide Installer (1), Snagit (1), Tableau Desktop (4), Tableau Prep Builder (1), Tableau Reader (1), TeamViewer (1), VMware Workstation Player (1), VMware Workstation Pro (1), WinSCP (1), Wireshark (2)
      - Non-Security Updates: AIMP (2), Amazon WorkSpaces (1), Camtasia (2), Google Drive File Stream (1), GeoGebra Classic (2), Inkscape (1), NextCloud Desktop Client (1), PDF-Xchange PRO (1), PSPad (1), Python (3), RingCentral App (Machine-Wide Installer) (2), Rocket.Chat Desktop Client (1), ScreenPresso (1), TreeSize Free (1), Cisco WebEx Teams (1), WeCom (1)
  • 42. Third Party CVE Information
      - Google Chrome 107.0.5304.122
          - CHROME-221125, QGC10705304122
          - Fixes 1 Vulnerability: CVE-2022-4135
      - Google Chrome 108.0.5359.72
          - CHROME-221130, QGC1080535972
          - Fixes 22 Vulnerabilities: CVE-2022-4174, CVE-2022-4175, CVE-2022-4176, CVE-2022-4177, CVE-2022-4178, CVE-2022-4179, CVE-2022-4180, CVE-2022-4181, CVE-2022-4182, CVE-2022-4183, CVE-2022-4184, CVE-2022-4185, CVE-2022-4186, CVE-2022-4187, CVE-2022-4188, CVE-2022-4189, CVE-2022-4190, CVE-2022-4191, CVE-2022-4192, CVE-2022-4193, CVE-2022-4194, CVE-2022-4195
      - Google Chrome 108.0.5359.95
          - CHROME-221202, QGC1080535995
          - Fixes 1 Vulnerability: CVE-2022-4262
  • 43. Third Party CVE Information (cont)
      - Firefox 107.0
          - FF-221115, QFF1070
          - Fixes 19 Vulnerabilities: CVE-2022-40674, CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45413, CVE-2022-45415, CVE-2022-45416, CVE-2022-45417, CVE-2022-45418, CVE-2022-45419, CVE-2022-45420, CVE-2022-45421
      - Firefox ESR 102.5.0
          - FFE-221115, QFFE10250
          - Fixes 13 Vulnerabilities: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
  • 44. Third Party CVE Information (cont)
      - Thunderbird 102.5.0
          - TB-221115, QTB10250
          - Fixes 13 Vulnerabilities: CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45408, CVE-2022-45409, CVE-2022-45410, CVE-2022-45411, CVE-2022-45412, CVE-2022-45416, CVE-2022-45418, CVE-2022-45420, CVE-2022-45421
      - Thunderbird 102.5.1
          - TB-221130, QTB10251
          - Fixes 1 Vulnerability: CVE-2022-45414
      - Zoom Client 5.12.9.10650
          - ZOOM-221128, QZOOM51210650
          - Fixes 1 Vulnerability: CVE-2022-36924
  • 45. Third Party CVE Information (cont)
      - VLC Media Player 3.0.18
          - VLC-221129, QVLC3018 & QVLC3018MSI
          - Fixes 1 Vulnerability: CVE-2022-41325
      - VMware Tools 12.1.5
          - VMWT12-221130, QVMWT1215
          - Fixes 1 Vulnerability: CVE-2022-31693
  • 46. Q & A
  • 47. Thank You!