Number: AV22-702
Date: 13 December 2022
On 13 December 2022, Microsoft published Security Updates to address vulnerabilities in multiple products. Included were critical updates for the following:
- Microsoft Dynamics – multiple versions
- Microsoft SharePoint – multiple versions
- Microsoft .NET Framework – versions 3.5 and 4.8.1
- PowerShell – versions 7.2 and 7.3
- Windows 7 – multiple versions and platforms
- Windows 8.1 – multiple versions and platforms
- Windows 10 – multiple versions and platforms
- Windows 11 – multiple versions and platforms
- Windows Server – multiple versions and platforms
Microsoft has indicated that CVE-2022-44698 has been actively exploited.
Update 1
On 13 December 2022, Microsoft upgraded CVE-2022-37958 (13 September 2022) affecting the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism from Important Information Disclosure to Critical Remote Code Execution. While there have been no reports of public exploitation, the Cyber Centre recommends clients consider applying the appropriate patches to protect their networks.
The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.