Top 5 Zero-day Vulnerabilities of December
1. CVE-2022-44698
Severity - Medium
Windows SmartScreen Security Feature Bypass Vulnerability.
More details : https://vi.strobes.co/cve/CVE-2022-44698
Zero day references:
Patch references:
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021235
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021233
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021234
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021249
- https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5021237
- https://www.cybersecurity-help.cz/vdb/SB2022121336
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-44698
2. CVE-2022-42856
Severity - High
A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.1.2. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.1..
More details : https://vi.strobes.co/cve/CVE-2022-42856
Zero day references:
Patch references:
- https://www.cybersecurity-help.cz/vdb/SB2022121376
- https://support.apple.com/en-us/HT213531
- https://support.apple.com/en-us/HT213532
- https://support.apple.com/en-us/HT213537
- https://support.apple.com/en-us/HT213516
- https://support.apple.com/en-us/HT213535
3. CVE-2022-42827
Severity - High
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS 16. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
More details : https://vi.strobes.co/cve/CVE-2022-42827
Zeroday references:
Patch references:
- https://www.cybersecurity-help.cz/vdb/SB2022102435
- https://support.apple.com/en-us/HT213490
- https://support.apple.com/en-us/HT213489
4. CVE-2022-42856
Severity - High
Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
More details: https://vi.strobes.co/cve/CVE-2022-4262
Zero day references:
Patch references:
- https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
- https://www.cybersecurity-help.cz/vdb/SB2022120301
- https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security
- https://crbug.com/1394403
5. CVE-2022-42475
Severity - Low
More details : https://vi.strobes.co/cve/CVE-2022-42475
Zero day references:
Patch references:
Zero-Day Attack Prevention:
These exploits are unpredictable, zero-day protection is necessary. Here are some suggestions regarding how to safeguard your software and vulnerable programmes from zero-day attacks.
- Once the security patches are available, update all programmes and software.
- Web application software must be employed to secure the website. You are capable of precisely detecting attacks.
- Install a security package for the internet. It often comprises default-deny protection, heuristic file analysis, smart anti-virus, and sandboxing techniques.
- Operate on sites that are secured with Secure Socket Layer (SSL).
- Go for multiple layer protection with Web application firewalls.
- Protect the content of individual transmissions with the help of Virtual LANs.
Stay ahead of threats using Strobes:
Strobes will help you correlate data between vulnerability scans and vulnerability intelligence making sure to keep you updated whenever there is a zero-day in the wild.
Schedule a demo to use our products Strobes VM365 and Strobes PTaaS.
Subscribe to our blog
Subscribe and get actionable insights delivered to your inbox.
