Microsoft addresses actively exploited zero-day and numerous critical flaws

Threat Level

Vulnerability Report

For a detailed threat advisory, download the pdf file here

Summary

Patch Tuesday for December tackles two zero-day vulnerabilities, one of which is being actively exploited (CVE-2022-44698) and another that was publicly disclosed at the time of release (CVE-2022-44710), along with the additional critical flaws that could result in Remote Code Execution, Elevation of Privilege (EoP), Security Feature Bypass, and Spoofing.