0-days, RCE bugs, and a curious tale of signed malware – Naked Security
Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days…
…and an astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval.
For a threat researcher’s view of the Patch Tuesday fixes for December 2002, please consult the Sophos X-Ops writeup on our sister site Sophos News:
For a deep dive into the saga of the signed malware, discovered and reported recently by Sophos Rapid Response experts who were called into deal with the aftermath of a successful attack:
And for a high-level overview of the big issues this month, just keep reading here…
Two zero-day holes patched
Fortunately, neither of these bugs can be exploited for what’s known as RCE (remote code execution), so they don’t give outside attackers a direct route into your network.
Nevertheless, they’re both bugs that make things easier for cybercriminals by providing ways for them to sidestep security protections that would usually stop them in their tracks:
CVE-2022-44710: DirectX Graphics Kernel Elevation of Privilege Vulnerability
An exploit allowing a local user to abuse this bug has apparently been publicly disclosed.
As far as we are aware, however, the bug applies only to the very latest builds (2022H2) of Windows 11.
Kernel-level EoP (elevation-of-privilege) bugs allow regular users to “promote” themselves to system-level powers, potentially turning a troublesome but perhaps limited cybercrime intrusion into a complete computer compromise.
CVE-2022-44698: Windows SmartScreen Security Feature Bypass Vulnerability
This bug is also known to have been expoited in the wild.
An attacker with malicious content that would normally provoke a security alert could bypass that notification and thus infect even well-informed users without warning.
Bugs to watch
And here are three interesting bugs that weren’t 0-days, but that crooks may well be interested in digging into, in the hope of figuring out ways to attack anyone who’s slow at patching.
Remember that patches themselves often unavoidably give attackers clear hints on where to start looking, and what sort of things to…
