January Vuln of the Month: CVE-2022-44698

Jan 10, 2023
Jerry Gamblin
Director of Security Research at Kenna Security


It’s a new year, but a familiar problem: A Windows vulnerability that has the potential to cause headaches for Microsoft shops that aren’t up to date on their patches. That’s right, it’s time for Vuln of the Month, January 2023 edition! 

This month we present CVE-2022-44698, a security feature bypass in Windows SmartScreen that poses a real risk to organizations whose employees are targeted by threat actors. If exploited, and exploitation has already been observed in the wild, an attacker can get past security features that depend on Mark of the Web (MOTW) tagging, the mechanism designed to protect users from files that arrive from untrusted sources. Our research shows that CVE-2022-44698 meets many of the criteria we look for in a vulnerability likely to be exploited, including: 

  • Access complexity: Low 
  • Potential attack surface: Global 
  • Exploitable remotely: No 
  • Authentication/privilege requirements: None 
  • Potential impact on availability: Partial 
  • Exploit code published: Yes 
  • Active exploits observed: Yes 
January 2023 Vuln Of The Month Distribution Chart

The Kenna Risk Score for CVE-2022-44698 is 77.3; just 0.68% of CVEs earn a higher score. That ranks as serious in anyone's book. Compare this to CVSS 3.x, which assigns a "Medium" base score of 5.4. The gap highlights how the two systems differ: CVSS base scores deliberately leave out context such as published exploit code and observed exploitation, so they can mislead security teams into treating a vulnerability as less urgent than it is. (If you are still relying on CVSS scores to drive remediation, we recommend looking into replacing simple vulnerability scores with true risk scores.) 

Why CVE-2022-44698 matters 

Windows vulns always get our attention. This one combines low attack complexity with no privilege requirement across a broad swath of Windows systems: every supported Windows version from Windows 7 and Windows Server 2008 R2 onward. The attacker does need the target to open a crafted file, so the delivery vector is phishing or other social engineering. Once the victim does, the bypass undermines the integrity or availability of security features that rely on MOTW tagging: the file is not subjected to the SmartScreen check, and downstream protections such as Protected View for Microsoft Office documents can be lost as well. 

Bottom line 

A huge attack surface, possible threats to Windows security features, no privileges, low complexity, functional exploit code and existing exploits all add up to a CVE worth watching.  

Mitigation status 

On Dec. 13, 2022, Microsoft issued patches for all affected Windows versions. Security teams should deploy those patches as soon as they can, prioritizing endpoints whose users routinely receive files from outside the organization. 
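Two checks a practitioner would want alongside the "Why CVE-2022-44698 matters" and "Mitigation status" sections above, written here as an added PowerShell example that is not part of the original post and not Kenna Security's code. The first walks a download folder, reads each file's MOTW tag from the Zone.Identifier alternate data stream and its Authenticode signature status, and flags Internet-zone script or executable files that carry a signature block which does not verify. That pattern comes from public analysis of the in-the-wild exploitation (script files with a malformed signature block that caused SmartScreen to skip its prompt), which this page does not describe in detail; treat it as a triage heuristic, not a detection signature. The second lists updates installed on or after the Dec. 13, 2022 release date as a coarse patch check, because the per-OS KB numbers are not given on this page. The folder path, the 7-day window and the extension list are assumptions for illustration.

```powershell
# Added example (not from the original post or from Kenna Security).
# Assumptions: $env:USERPROFILE\Downloads as the folder, a 7-day window,
# and the extension list below as "file types SmartScreen is expected to vet".

function Get-MotwZone {
    # MOTW lives in the Zone.Identifier alternate data stream on NTFS.
    # ZoneId=3 is the Internet zone, which is what triggers SmartScreen and Protected View.
    param([Parameter(Mandatory)][string]$LiteralPath)
    try {
        $ads = Get-Content -LiteralPath $LiteralPath -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no Zone.Identifier stream: the file carries no MOTW tag
    }
    if (($ads -join "`n") -match 'ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

function Test-DownloadedFiles {
    param(
        [string]$Path = "$env:USERPROFILE\Downloads",   # assumption
        [int]$Days = 7                                   # assumption
    )
    # Assumed list of file types that SmartScreen vets when they carry MOTW
    $watched = @('.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta', '.ps1', '.exe', '.msi', '.lnk')
    $since = (Get-Date).AddDays(-$Days)

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since -and $watched -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $zone = Get-MotwZone -LiteralPath $_.FullName
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $status = $sig.Status.ToString()

            # Internet-zone file whose signature block exists but does not verify:
            # the shape reported for the in-the-wild CVE-2022-44698 exploitation.
            # 'NotSigned' is the normal case for a plain download and is not flagged.
            $suspicious = ($zone -eq 3) -and ($status -notin @('Valid', 'NotSigned'))

            [pscustomobject]@{
                File       = $_.FullName
                ZoneId     = $zone
                SigStatus  = $status
                Suspicious = $suspicious
            }
        }
}

function Get-UpdatesSince {
    # Coarse patch check: updates installed on or after Microsoft's release date.
    # The KB numbers differ per Windows version and are not listed on this page,
    # so confirm the specific cumulative update for each build separately.
    param([datetime]$Date = [datetime]'2022-12-13')
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Date } |
        Sort-Object InstalledOn |
        Select-Object HotFixID, Description, InstalledOn
}

# Usage: show flagged files, then recent updates
Test-DownloadedFiles | Where-Object Suspicious | Format-Table -AutoSize
Get-UpdatesSince | Format-Table -AutoSize
```

Two caveats worth keeping in mind: a file with no Zone.Identifier stream is not evidence of tampering (archives and some transfer tools never write it), and `Unblock-File` or a user clicking "Unblock" strips the tag legitimately, so the `Suspicious` flag is a starting point for a closer look, not a verdict. The patch check only tells you something was installed after the release date; match the installed KB against the December 2022 update for your specific build before calling a host patched.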

Watch this space for regular Vuln of the Month spotlights, which appear on the second Tuesday of each month. Meanwhile, if you find yourself chasing new and emerging vulns but never quite catching up, learn more about how Kenna Security can help you focus on your highest-risk vulnerabilities, rather than headlines, thanks in part to our vulnerability intelligence powered by machine learning.    


© 2022 Kenna Security. All Rights Reserved.