Microsoft ain't the only one squashing exploited-in-the-wild bugs this month
2022-12-14 00:01

For its final Patch Tuesday of the year, Microsoft fixed one bug that's already been exploited and another that's publicly known, bringing its total patched to 49 vulnerabilities, six of which are rated critical.

"An attacker can craft a malicious file that would evade Mark of the Web defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging," Redmond explained in today's security update.

A second vulnerability, CVE-2022-44710, while not under active exploit, is listed as publicly known, although Microsoft described it as "Exploitation less likely."

The most severe, Security Note 2622660, which received a 10 out of 10 CVSS score, is an update for an April 2018 patch that fixes Google Chromium delivered with SAP Business Client.

Cisco issued security updates for a couple of high-severity vulnerabilities this month, including a patch released today that plugs a 7.1-rated hole in the web-based management interface of Cisco Identity Services Engine.

Finally, wrapping up the monthly patch party, Google's December Android security update fixed 81 bugs in Android devices.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/12/14/microsoft_december_patch_tuesday/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-44710 | Unspecified vulnerability in Microsoft Windows 11 22H2. DirectX Graphics Kernel Elevation of Privilege Vulnerability (local; high complexity; microsoft) | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 663 794 4391 4085 3666 12936