Microsoft has released its monthly batch of security updates for Windows operating system components and other software products, addressing about 50 security vulnerabilities, including a zero-day flaw exploited by hackers.
Tracked as CVE-2022-44698, the zero-day vulnerability in question is a Windows SmartScreen security feature bypass issue that allows a remote attacker to bypass implemented security restrictions.
“An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,” Microsoft explained.
Besides CVE-2022-44698, the company fixed a publicly disclosed vulnerability affecting the DirectX Graphics component (CVE-2022-44710) that could be exploited to gain SYSTEM privileges. There are no reports that this flaw was exploited in the wild.
The December 2022 Patch Tuesday release also includes patches for a number of high-risk vulnerabilities impacting Microsoft Office Visio, Windows Media, Windows Contacts, Microsoft Raw Image Extension, Windows Secure Socket Tunneling Protocol (SSTP), .NET Framework, and other software.