Windows 10 And 11 Security Feature Alerts Bypassed By Attackers

Two zero-day vulnerabilities have been confirmed for Windows 10 and 11 users as Microsoft’s latest Patch Tuesday security update rolls out.

CVE-2022-44698 is one of two zero-day Windows vulnerabilities patched in the latest Microsoft Patch Tuesday security update. This vulnerability, which Microsoft confirms has already been exploited in the wild, affects most versions of Windows and lies in the SmartScreen security feature. Mike Walters, Vice President of Vulnerability and Threat Research at Action1, warns that this “affects all Windows OS versions from Windows 7 and Windows Server 2008 R2 onwards. The vulnerability has a low complexity. It uses the network vector and does not require an escalation of privilege.”

Yet another Mark of the Web security issue for Windows users

Specifically, an attacker could craft a file that bypasses the Mark of the Web defenses on which, for example, Protected View in Microsoft Office depends. Windows SmartScreen checks for a Mark of the Web zone ID to determine whether a file being executed originated from the Internet and, if so, performs a further reputation check. “An attacker with malicious content that would normally trigger a security alert could bypass that alert and infect even well-informed users without warning,” writes Paul Ducklin of the Sophos Naked Security blog.
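To make the mechanism concrete, here is an added PowerShell example (not code from the article, from Microsoft or from Sophos) that reads and writes the Zone.Identifier alternate data stream that carries the Mark of the Web, which is the thing SmartScreen and Office Protected View consult. It assumes an NTFS volume; the temp file name and the Downloads folder scan are illustrative. Note the two distinct failure modes: a file that never received the mark gets no SmartScreen check at all, while CVE-2022-44698 concerns a file that carries the mark yet still does not trigger the alert. The script only helps you see the first case.

```powershell
# Added example, not from the article. Inspects, sets and removes the
# Mark of the Web (the Zone.Identifier NTFS alternate data stream).
# Paths and file names below are illustrative assumptions.

$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-MotwZone {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # The mark is an NTFS alternate data stream named Zone.Identifier.
    # Files on FAT/exFAT volumes (USB sticks, some VM shares) cannot carry one.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ Path = $Path; ZoneId = $null; Zone = 'none'; HostUrl = $null; Untrusted = $false }
    }

    # The stream is INI-like text:
    #   [ZoneTransfer]
    #   ZoneId=3
    #   ReferrerUrl=https://example.test/
    #   HostUrl=https://example.test/payload.zip
    $text = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw
    $m = [regex]::Match($text, '(?m)^ZoneId=(\d+)')
    $zoneId = if ($m.Success) { [int]$m.Groups[1].Value } else { $null }
    $hostUrl = [regex]::Match($text, '(?m)^HostUrl=(.*)$').Groups[1].Value.Trim()
    $zoneName = if ($null -ne $zoneId -and $ZoneNames.ContainsKey($zoneId)) { $ZoneNames[$zoneId] } else { 'unknown' }

    [pscustomobject]@{
        Path      = $Path
        ZoneId    = $zoneId
        Zone      = $zoneName
        HostUrl   = $hostUrl
        # Zone 3 (Internet) and 4 (Restricted sites) are the origins that
        # SmartScreen and Office Protected View treat as untrusted.
        Untrusted = ($null -ne $zoneId -and $zoneId -ge 3)
    }
}

function Find-UnmarkedDownloads {
    # Lists files of risky types in a folder that do NOT carry an Internet-zone
    # mark, i.e. files SmartScreen would not reputation-check at all. A local
    # build or a FAT volume is a benign explanation; anything else deserves a look.
    param(
        [string]$Folder = "$env:USERPROFILE\Downloads",
        [string[]]$RiskyExtensions = @('.exe', '.msi', '.js', '.jse', '.vbs', '.ps1', '.bat', '.cmd',
                                       '.scr', '.lnk', '.url', '.docm', '.xlsm', '.iso', '.img', '.vhd', '.vhdx')
    )
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $RiskyExtensions -contains $_.Extension.ToLower() } |
        ForEach-Object { Get-MotwZone -Path $_.FullName } |
        Where-Object { -not $_.Untrusted }
}

# Demonstration on a constructed file in the temp directory.
$demo = Join-Path $env:TEMP 'motw-demo.txt'
Set-Content -LiteralPath $demo -Value 'harmless content'

# Stamp it the way a browser does after a download; this is what makes SmartScreen look.
Set-Content -LiteralPath $demo -Stream 'Zone.Identifier' -Value "[ZoneTransfer]`r`nZoneId=3`r`nHostUrl=https://example.test/motw-demo.txt"
Get-MotwZone -Path $demo          # Zone 'Internet', Untrusted = True

# Unblock-File deletes the stream, the same thing the Properties > Unblock checkbox does.
Unblock-File -LiteralPath $demo
Get-MotwZone -Path $demo          # Zone 'none', Untrusted = False

# Inventory of risky files in Downloads that carry no Internet-zone mark.
Find-UnmarkedDownloads | Format-Table Path, Zone, HostUrl
```

Run it in an elevated or standard Windows PowerShell 5.1 or PowerShell 7 session on Windows; the `-Stream` parameter is a FileSystem-provider feature and is unavailable on Linux or macOS. Extracting an archive with a tool that does not propagate the stream to the extracted files leaves them in the `Find-UnmarkedDownloads` output, which is why container formats such as ISO and VHD are in the risky list above.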


Will Dormann, who is credited with reporting the vulnerability in the Microsoft Security Update Guide, has warned of numerous Mark of the Web weaknesses over the past six months. Just last month, Microsoft patched CVE-2022-41091, another Mark of the Web bypass that was also being actively exploited.

Microsoft has confirmed three possible attack scenarios but does not provide further details about the exploits it has seen in the wild. Those three scenarios are as follows:

  • A web-based attack using a malicious website
  • An email or instant message attack that uses a malicious .url file
  • A user-supplied content where that content itself is malicious

Of course, all three attacks rely on user actions, such as downloading a file, clicking a link in an email, or being tricked into visiting a malicious site.

That said, threat actors have already exploited the vulnerability in ransomware distribution campaigns, such as Magniber, and in malware campaigns that distribute the QBot trojan.

New Windows 11 22H2 zero-day also confirmed

If that’s not enough reason to apply the December Patch Tuesday rollups as soon as possible, there’s more. This month, Microsoft patched not one but two zero-day vulnerabilities. The second, CVE-2022-44710, has been publicly disclosed but is not known to have been exploited by threat actors, Microsoft said. CVE-2022-44710 is an elevation of privilege vulnerability in the DirectX graphics kernel that could allow an attacker to gain SYSTEM privileges. Its scope is narrower than that of CVE-2022-44698, as it appears to affect only Windows 11 version 22H2, the latest release at the time of writing.


Six critical vulnerabilities patched by Microsoft’s December security update

Of course, it wouldn’t be Patch Tuesday if the security fixes were limited to two zero-days, however severe that alone may be. In fact, the December Patch Tuesday release addresses some 49 vulnerabilities, six of which are rated critical and allow remote code execution (RCE):

  • CVE-2022-41127 is an RCE involving Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On-Premises)
  • CVE-2022-44690 and CVE-2022-44693 are both RCE vulnerabilities related to Microsoft SharePoint Server
  • CVE-2022-41076 is an RCE that affects PowerShell
  • CVE-2022-44670 and CVE-2022-44676 are both RCE vulnerabilities that have been found to affect the Windows Secure Socket Tunneling Protocol (SSTP)

Angela Gunn, a senior threat researcher at Sophos, described the SharePoint vulnerabilities as ones in which an “authenticated attacker with management list permissions could allow remote code execution on a SharePoint server during a network-based attack.”
