Security News > 2022 > December > Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware

Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
2022-12-14 19:13

Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days.

An astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval.

Neither of these bugs can be exploited for what's known as RCE, so they don't give outside attackers a direct route into your network.

With the wrong sort of content in a file that feels as though it ought to be "Mostly harmless", an attacker could trick you into running untrusted code instead. CVE-2022-44690 and CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerabilities.

Sophos Rapid Reponse experts, along with researchers from two other cybersecurity companies, have recently discovered and reported real-world attacks involving malware samples that were digitally signed by Microsoft itself.

Those rogue coders have now been kicked out of the Microsoft Developer Program, and the known rogue drivers have been blocklisted by Microsoft so they will no longer work.


News URL

https://nakedsecurity.sophos.com/2022/12/14/patch-tuesday-0-days-rce-bugs-and-a-curious-tale-of-signed-malware/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-44693 Unspecified vulnerability in Microsoft products
Microsoft SharePoint Server Remote Code Execution Vulnerability 		0.0
0.0
2022-12-13 CVE-2022-44690 Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
Microsoft SharePoint Server Remote Code Execution Vulnerability 		0.0
0.0