{"id":23250,"date":"2022-12-14T01:39:49","date_gmt":"2022-12-14T01:39:49","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/"},"modified":"2022-12-14T01:39:49","modified_gmt":"2022-12-14T01:39:49","slug":"microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/","title":{"rendered":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register"},"content":{"rendered":"<p> <a href=\"https:\/\/go.fiverr.com\/visit\/?bta=1052423&nci=17043\" Target=\"_Top\"><img loading=\"lazy\" decoding=\"async\" border=\"0\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/fiverr.ck-cdn.com\/tn\/serve\/?cid=40081059\"  width=\"601\" height=\"201\"><\/a>\n<\/p>\n<div id=\"body\">\n<p><span class=\"label\">Patch Tuesday<\/span> For its final Patch Tuesday of the year, Microsoft fixed one bug that&#8217;s already been exploited in the wild \u2013 and another that&#8217;s publicly known.<\/p>\n<p>That brings its total for December to 49 patched vulnerabilities, six of which are rated critical.<\/p>\n<p>The bug that&#8217;s listed as exploited-in-the-wild is tracked as <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-44698\" rel=\"nofollow\">CVE-2022-44698<\/a>. It&#8217;s a Windows SmartScreen security feature bypass vulnerability, and it received a 5.4 CVSS rating.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n        <noscript><br \/>\n            <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt=\"\"\/><br \/>\n            <\/a><br \/>\n        <\/noscript>\n    <\/div>\n<p>&#8220;An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging,&#8221; Redmond explained in today&#8217;s security update.\u00a0<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\">\n                <noscript><br \/>\n                    <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                        <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                    <\/a><br \/>\n                <\/noscript>\n            <\/div>\n<\/p><\/div>\n<p>Security guru Will Dormann is credited as reporting this particular bug, and has been <a href=\"https:\/\/twitter.com\/wdormann\/status\/1602727668344053767\" rel=\"nofollow\">tweeting<\/a> about these types of flaws since July. It is likely related to <a href=\"https:\/\/www.theregister.com\/2022\/11\/09\/microsoft_november_2022_patch_tuesday\/\">another MOTW bug<\/a> that Microsoft fixed last month.<\/p>\n<p>A second vulnerability, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2022-44710\" rel=\"nofollow\">CVE-2022-44710<\/a>, while not under active exploit (at least not that we know about) is listed as publicly known, although Microsoft described it as &#8220;exploitation less likely.&#8221;\u00a0<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>It&#8217;s a DirectX Graphics Kernel elevation of privilege flaw, and received a CVSS rating of 7.8. Successful exploitation requires an attacker to win a race condition \u2014 although, per usual, Redmond didn&#8217;t elaborate on what that race condition is. However, assuming that a miscreant did win said race condition, they could gain system privileges, so we&#8217;d suggest taking this bug seriously.<\/p>\n<p>Of the six critical bugs, we&#8217;d suggest patching first, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41076\" rel=\"nofollow\">CVE-2022-41076<\/a>, a PowerShell remote code execution (RCE) vulnerability. According to Microsoft, exploitation is &#8220;more likely.&#8221; It could allow an authenticated user to escape the PowerShell Remoting Session Configuration and then run unapproved commands on the infected system.<\/p>\n<p>&#8220;Threat actors often try to &#8216;live off the land&#8217; after an initial breach \u2013 meaning they use tools already on a system to maintain access and move throughout a network,&#8221; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2022\/12\/13\/the-december-2022-security-update-review\">explained<\/a> the Zero Day Initiative&#8217;s Dustin Childs. &#8220;PowerShell is one such tool, so any bug that bypasses restrictions is likely to be abused by intruders. Definitely don&#8217;t ignore this patch.&#8221;<\/p>\n<p>Two other critical-rated flaws, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44690\" rel=\"nofollow\">CVE-2022-44690<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44693\" rel=\"nofollow\">CVE-2022-44693<\/a>, are a pair of SharePoint server RCEs.\u00a0\u00a0<\/p>\n<p>Kev Breen, director of cyber threat research at Immersive Labs, told <em>The Register<\/em> that patching these &#8220;should be high on the list for anyone using SharePoint internally.&#8221;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\">\n            <noscript><br \/>\n                <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"><br \/>\n                    <img decoding=\"async\" src=\"https:\/\/mailinvest.blog\/wp-content\/themes\/breek\/assets\/images\/transparent.gif\" data-lazy=\"true\" data-src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Y5kpZJ0-YXvc41HmBqNZ-AAAAAo&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt=\"\"\/><br \/>\n                <\/a><br \/>\n            <\/noscript>\n        <\/div>\n<p>&#8220;Attackers might exploit this vulnerability to steal confidential information to use in ransomware attacks, replace documents with new versions that contain malicious code, or create macros to infect other systems,&#8221; he explained.<\/p>\n<p>Of the other three critical RCEs, one (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-41127\" rel=\"nofollow\">CVE-2022-41127<\/a>) affects Microsoft Dynamics, and two others, (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44670\" rel=\"nofollow\">CVE-2022-44670<\/a>) and (<a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2022-44676\" rel=\"nofollow\">CVE-2022-44676<\/a>), affect Windows Secure Socket Tunneling Protocol.<\/p>\n<h3 class=\"crosshead\">Adobe fixes 37 CVEs<\/h3>\n<p>Also in its final 2022 Patch Tuesday, Adobe released three patches that fix 37 flaws in <a href=\"https:\/\/helpx.adobe.com\/security\/products\/illustrator\/apsb22-60.html\" rel=\"nofollow\">Illustrator<\/a>, <a href=\"https:\/\/helpx.adobe.com\/security\/products\/experience-manager\/apsb22-59.html\" rel=\"nofollow\">Experience Manager<\/a> and <a href=\"https:\/\/helpx.adobe.com\/security\/products\/campaign\/apsb22-58.html\" rel=\"nofollow\">Campaign Classic<\/a>. None of the bugs are listed as under exploit or publicly known.<\/p>\n<p>The security updates for Campaign Classic \u202faddresses an\u202fimportant vulnerability that could result in privilege escalation. The fixes for Experience Manager resolve flaws \u202frated important and moderate that could result in arbitrary code execution and security feature bypass. And finally, the Illustrator patches fix important bugs \u202fthat could lead to memory leak.\u00a0<\/p>\n<h3 class=\"crosshead\">SAP releases 22 new and updated patches<\/h3>\n<p>SAP today <a href=\"https:\/\/dam.sap.com\/mac\/app\/e\/pdf\/preview\/embed\/ucQrx6G?ltr=a&amp;rc=10\" rel=\"nofollow\">released<\/a> 22 new and updated patches, including five Hot News Notes and five High Priority notes.\u00a0<\/p>\n<p>The most severe, Security Note 2622660, which received a 10 out of 10 CVSS score, is an update for an April 2018 patch that fixes Google Chromium delivered with SAP Business Client.<\/p>\n<p>Of the newly released patches,Security Notes 3273480 (CVSS score of 9.9) and 3267780 (CVSS score of 9.4) address two critical vulnerabilities in SAP NetWeaver Process Integration (PI).\u00a0<\/p>\n<p>&#8220;The ORL detected that the Messaging System and the User Defined Search in SAP PI expose services through the P4 protocol that do not require user authentication, allowing attackers to make use of an open naming and directory API to access services to perform unauthorized operations,&#8221; <a href=\"https:\/\/onapsis.com\/blog\/sap-security-patch-day-december-2022\" rel=\"nofollow\">explained<\/a> Thomas Fritsch, an SAP security researcher at Onapsis.<\/p>\n<p>Additionally, Security Note 3239475 fixes a critical, 9.9-rated server-side request forgery vulnerability in SAP BusinessObjects Business Intelligence Platform.\u00a0<\/p>\n<p>&#8220;Attackers with &#8216;normal BI user privileges&#8217; are able to upload and replace any file on the Business Objects server at the operating system level, enabling attackers to take full control of the system and has a significant impact on confidentiality, integrity, and availability of the application,&#8221; according to Fritsch.<\/p>\n<h3 class=\"crosshead\">VMware patches critical bugs<\/h3>\n<p>Also today, VMware <a href=\"https:\/\/www.vmware.com\/security\/advisories.html\" rel=\"nofollow\">issued<\/a> two critical security advisories along with one other deemed important.\u00a0<\/p>\n<p><a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0033.html\" rel=\"nofollow\">CVE-2022-31705<\/a> is a critical heap out-of-bounds write vulnerability in VMware ESXi, Workstation, and Fusion. It received a maximum 9.3 CVSS score in some of the buggy products, and could allow an attacker with local admin privileges to execute code as the virtual machine&#8217;s VMX process running on the host.<\/p>\n<p>&#8220;On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed,&#8221; according to VMware.<\/p>\n<p>The other critical bug is a 9.8-rated command injection vulnerability tracked as <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0031.html\" rel=\"nofollow\">CVE-2022-31702<\/a> in VMware vRealize Network Insight. &#8220;A malicious actor with network access to the vRNI REST API can execute commands without authentication,&#8221; the virtualization giant noted.<\/p>\n<p>Meanwhile, the important security update <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0032.html\" rel=\"nofollow\">addresses<\/a> two vulnerabilities (CVE-2022-31700, CVE-2022-31701) in VMware Workspace ONE Access and Identity Manager with a 7.2 CVSS score. CVE-2022-31700 is an authenticated RCE vulnerability with a 7.2 CVSS score, while CVE-2022-31701 is a broken authentication bug that received a 5.3 severity rating.<\/p>\n<h3 class=\"crosshead\">There&#8217;s a PoC exploit for this unpatched Cisco bug<\/h3>\n<p>Cisco issued security updates for a couple of high-severity vulnerabilities this month, including a patch released today that plugs a 7.1-rated hole in the web-based management interface of Cisco Identity Services Engine (ISE). It&#8217;s tracked as <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ise-path-trav-Dz5dpzyM\" rel=\"nofollow\">CVE-2022-20822<\/a>, and could allow an authenticated attacker to list, download, and delete files on an infected device.<\/p>\n<p>The second, a stack overflow bug in the the Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware, won&#8217;t be fixed until January. It&#8217;s tracked as <a href=\"https:\/\/tools.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-ipp-oobwrite-8cMF5r7U\" rel=\"nofollow\">CVE-2022-20968<\/a> and received an 8.1 severity score.<\/p>\n<p>It&#8217;s especially troubling because, as Cisco warned, proof-of-concept exploit code is already available for this bug. While the networking giant&#8217;s security response team says it&#8217;s &#8220;not aware of any malicious use of the vulnerability,&#8221; in addition to no patch, there&#8217;s also no workarounds. We suggest praying for a Christmas miracle.<\/p>\n<h3 class=\"crosshead\">And the rest<\/h3>\n<p>Citrix also released updates to fix a &#8220;critical&#8221; RCE flaw (<a href=\"https:\/\/support.citrix.com\/article\/CTX474995\/citrix-adc-and-citrix-gateway-security-bulletin-for-cve202227518\" rel=\"nofollow\">CVE-2022-27518<\/a>) in Citrix ADA and Gateway that&#8217;s already been found and exploited by miscreants.\u00a0\u00a0<\/p>\n<p>&#8220;We are aware of a small number of targeted attacks in the wild using this vulnerability,&#8221; the vendor noted in a <a href=\"https:\/\/www.citrix.com\/blogs\/2022\/12\/13\/critical-security-update-now-available-for-citrix-adc-citrix-gateway\/\" rel=\"nofollow\">blog<\/a> that accompanied the security bulletin.<\/p>\n<h3 class=\"crosshead\">Fortinet also under attack<\/h3>\n<p>Fortinet released <a href=\"https:\/\/www.fortiguard.com\/psirt\/FG-IR-22-398\" rel=\"nofollow\">updates<\/a> for a critical heap-based buffer overflow vulnerability in FortiOS SSL-VPN, which can be exploited to crash or possibly hijack equipment. The security vendor noted it&#8217;s aware of &#8220;an instance&#8221; where this bug has been exploited, and it recommended &#8220;immediately validating your systems&#8221; against a list of indicators of compromise for the 9.3-rated flaw, tracked as CVE-2022-42475.<\/p>\n<p>Finally, wrapping up the monthly patch party, Google&#8217;s December Android <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2022-12-01\" rel=\"nofollow\">security update<\/a> fixed 81 bugs in these devices.<\/p>\n<p>&#8220;The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed,&#8221; it noted. \u00ae<\/p>\n<\/p><\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><iframe data-lazy=\"true\" data-src=\"https:\/\/www.fiverr.com\/gig_widgets?id=U2FsdGVkX18x7XQvttUTrv1oEqmGNGTgvvCUiUoJ\/AP4z\/UyMz8lXGOLpu15jIMxBbTR0gmD5uBoFvhC4KWeALQRp3h\/X\/AwcVD0K8Wj9H\/ZzYKzcCNHosB9oS4SCJJFWiN85P9ICAc4OgCoE\/wHKIY7CDkf2\/DQ1vqGvk4smVe5cRDEmrLPCWi4FC8p40VUhSmWQ5udCm0zoJtorgWv3vbDQw0kKYkwn39ozAnQXDe+YvWMxkLFWA+O3TFwkJvdkIK+\/AUSnRssPKt5WHY0FhNOxnSPcLslEL4G4\/RfP95ve99U+kRnDy3X+KtzdQLY+u935ghON\/o3UE4IMv9oN6JX9RnxzL\/LRcOgnHigxStSGPKsZYtnz8RWNVT\/rOLAibqiWJadC5MYHRbekF3eg6FOGrQGkXYbsn0+a5aovnlLCbLwIqY9fcS17UX8J235iQ6cdmHNbrPeS84CMm34RA==&affiliate_id=1052423&strip_google_tagmanager=true\" loading=\"lazy\" data-with-title=\"true\" class=\"fiverr_nga_frame\" frameborder=\"0\" height=\"350\" width=\"100%\" referrerpolicy=\"no-referrer-when-downgrade\" data-mode=\"random_gigs\" onload=\" var frame = this; var script = document.createElement('script'); script.addEventListener('load', function() { window.FW_SDK.register(frame); }); script.setAttribute('src', 'https:\/\/www.fiverr.com\/gig_widgets\/sdk'); document.body.appendChild(script); \" ><\/iframe>\n<br \/><a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2022\/12\/14\/microsoft_december_patch_tuesday\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Patch Tuesday For its final Patch Tuesday of the year, Microsoft fixed one bug that&#8217;s already been exploited in the wild \u2013 and another that&#8217;s&#8230;<\/p>\n","protected":false},"author":1,"featured_media":23251,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-23250","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech-universe"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog<\/title>\n<meta name=\"description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog\" \/>\n<meta property=\"og:description\" content=\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/\" \/>\n<meta property=\"og:site_name\" content=\"mailinvest.blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/freelanceracademic\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-14T01:39:49+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"669\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"admin@mailinvest.blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin@mailinvest.blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/\"},\"author\":{\"name\":\"admin@mailinvest.blog\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\"},\"headline\":\"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register\",\"datePublished\":\"2022-12-14T01:39:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/\"},\"wordCount\":1264,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/patch_shutterstock.jpg\",\"articleSection\":[\"Tech Universe\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/\",\"name\":\"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/patch_shutterstock.jpg\",\"datePublished\":\"2022-12-14T01:39:49+00:00\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/patch_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/12\\\/patch_shutterstock.jpg\",\"width\":1000,\"height\":669},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/2022\\\/12\\\/14\\\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/mailinvest.blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#website\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"name\":\"mailinvest.blog\",\"description\":\"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mailinvest.blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#organization\",\"name\":\"mailinvest\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"contentUrl\":\"https:\\\/\\\/mailinvest.blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/default.png\",\"width\":1000,\"height\":1000,\"caption\":\"mailinvest\"},\"image\":{\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/freelanceracademic\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mailinvest.blog\\\/#\\\/schema\\\/person\\\/012701c4c204d4e4ebd34f926cfd31a4\",\"name\":\"admin@mailinvest.blog\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g\",\"caption\":\"admin@mailinvest.blog\"},\"sameAs\":[\"https:\\\/\\\/mailinvest.blog\",\"admin@mailinvest.blog\"],\"url\":\"https:\\\/\\\/mailinvest.blog\\\/index.php\\\/author\\\/adminmailinvest-blog\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog","og_description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","og_url":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/","og_site_name":"mailinvest.blog","article_publisher":"https:\/\/www.facebook.com\/freelanceracademic\/","article_published_time":"2022-12-14T01:39:49+00:00","og_image":[{"width":1000,"height":669,"url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg","type":"image\/jpeg"}],"author":"admin@mailinvest.blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin@mailinvest.blog","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#article","isPartOf":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/"},"author":{"name":"admin@mailinvest.blog","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4"},"headline":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register","datePublished":"2022-12-14T01:39:49+00:00","mainEntityOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/"},"wordCount":1264,"commentCount":0,"publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg","articleSection":["Tech Universe"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/","url":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/","name":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register - mailinvest.blog","isPartOf":{"@id":"https:\/\/mailinvest.blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#primaryimage"},"image":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#primaryimage"},"thumbnailUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg","datePublished":"2022-12-14T01:39:49+00:00","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis.mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what's new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","breadcrumb":{"@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#primaryimage","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/12\/patch_shutterstock.jpg","width":1000,"height":669},{"@type":"BreadcrumbList","@id":"https:\/\/mailinvest.blog\/index.php\/2022\/12\/14\/microsoft-addresses-exploited-in-the-wild-bug-among-others-the-register\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/mailinvest.blog\/"},{"@type":"ListItem","position":2,"name":"Microsoft addresses exploited-in-the-wild bug among others \u2022 The Register"}]},{"@type":"WebSite","@id":"https:\/\/mailinvest.blog\/#website","url":"https:\/\/mailinvest.blog\/","name":"mailinvest.blog","description":"Technology is forever changing, and there are always new pieces of technology to replace obsolete ones. Tons of people enjoy reading tech blogs on a daily basis. mailinvest.blog tracks all the latest consumer technology breakthroughs and shows you what&#039;s new, what matters and how technology can enrich your life. mailinvest.blog also provides the information, tools, and advice that helps when deciding what to buy.","publisher":{"@id":"https:\/\/mailinvest.blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailinvest.blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailinvest.blog\/#organization","name":"mailinvest","url":"https:\/\/mailinvest.blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/","url":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","contentUrl":"https:\/\/mailinvest.blog\/wp-content\/uploads\/2022\/01\/default.png","width":1000,"height":1000,"caption":"mailinvest"},"image":{"@id":"https:\/\/mailinvest.blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/freelanceracademic\/"]},{"@type":"Person","@id":"https:\/\/mailinvest.blog\/#\/schema\/person\/012701c4c204d4e4ebd34f926cfd31a4","name":"admin@mailinvest.blog","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/98ed217bd0f3d6a6dcae2d9b0c76e305b049a07275e315e1407e19ec8b08e139?s=96&d=mm&r=g","caption":"admin@mailinvest.blog"},"sameAs":["https:\/\/mailinvest.blog","admin@mailinvest.blog"],"url":"https:\/\/mailinvest.blog\/index.php\/author\/adminmailinvest-blog\/"}]}},"_links":{"self":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/23250","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/comments?post=23250"}],"version-history":[{"count":0,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/posts\/23250\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media\/23251"}],"wp:attachment":[{"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/media?parent=23250"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/categories?post=23250"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailinvest.blog\/index.php\/wp-json\/wp\/v2\/tags?post=23250"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}