Security News > 2022 > December > Patch Tuesday: 0-days, RCE bugs, and a curious tale of signed malware
Another month, another Microsoft Patch Tuesday, another 48 patches, another two zero-days.
An astonishing tale about a bunch of rogue actors who tricked Microsoft itself into giving their malicious code an official digital seal of approval.
Neither of these bugs can be exploited for what's known as RCE, so they don't give outside attackers a direct route into your network.
With the wrong sort of content in a file that feels as though it ought to be "Mostly harmless", an attacker could trick you into running untrusted code instead. CVE-2022-44690 and CVE-2022-44693: Microsoft SharePoint Server Remote Code Execution Vulnerabilities.
Sophos Rapid Reponse experts, along with researchers from two other cybersecurity companies, have recently discovered and reported real-world attacks involving malware samples that were digitally signed by Microsoft itself.
Those rogue coders have now been kicked out of the Microsoft Developer Program, and the known rogue drivers have been blocklisted by Microsoft so they will no longer work.
News URL
Related news
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- 'Patch yesterday': Zimbra mail servers under siege through RCE vuln (source)
- October 2024 Patch Tuesday forecast: Recall can be recalled (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- VMware fixes bad patch for critical vCenter Server RCE flaw (source)
- Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch (source)
- Week in review: Fortinet patches critical FortiManager 0-day, VMware fixes vCenter Server RCE (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-44693 | Unspecified vulnerability in Microsoft products Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |
| 2022-12-13 | CVE-2022-44690 | Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 |