Critical Patches Recently Released for Microsoft Products
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Here are the two vulnerabilities reported by Microsoft, one of which is currently being exploited in the wild: CVE-2022-44698 – Windows SmartScreen Security Feature Bypass Vulnerability which is exploited by creating malicious JavaScript files and is currently being exploited in the wild. The second, CVE-2022-44710 – DirectX Graphics Kernel Elevation of Privilege Vulnerability and if exploited can allow the attacker to gain SYSTEM privileges.
What You Should Do
Check for any patching prompts or updates in your “Settings” to ensure your systems were properly patched. If you have any questions or concerns, contact us and we can help.
Have additional questions regarding this update? Contact a member of the BMT team.