Patch Tuesday December 2022 - Items of interest

[MalwareTech]

At a quick glance, here are the vulnerabilities I found interesting in the latest patch. 

CVE-2022-44670 RCE in Windows SSL Tunnel (SSTP) on Server 2008 & 2012 - CVSS 8.1 (unsure if default/common feature)

CVE-2022-41089 RCE in .NET framework 3.5, 4.6, 4.8 - CVSS 8.8

CVE-2022-41076 RCE in PowerShell on Server 2008 & 2012 (CVSS 8.5)

CVE-2022-47211-
CVE-2022-47213 Local RCE in Microsoft Office graphics - CVSS 7.8

CVE-2022-44687 Local RCE in the RAW Image Extension - CVSS 7.8 (nondefault feature)

CVE-2022-44702 RCE in Windows Terminal for Windows 10 and 11 - CVSS 7.8 (nondefault feature, probably low risk)

CVE-2022-44667/CVE-2022-44668 RCE in Windows Media on Server 2012 to 2022 - CVSS 7.8

[Elched]

The CVE-2022-41076 puzzles me a bit. It says it can be exploited via Network so I am wondering how bad this could be and if this could be coupled with WinRM (or something else that can be used for Powershell remoting) to "automaticall distribute" the exploitation of the vulnerability in a given environment.

I have found no additional info apart from the fact that MS says that the attack complexity is high. Did I miss some interesting info?

 

Also @MalwareTech why did you mention only Win 2008 et Win 2012 for this CVE? The MSRC page shows releases for other version of Windows (https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41076). But I am notoriously bad at understanding Microsoft's documentation so I might be wrong 🙂

Edited December 14, 2022 by Elched
typo