January Vuln of the Month: CVE-2022-44698

It’s a new year, but a familiar problem: A Windows vulnerability that has the potential to cause headaches for Microsoft shops that aren’t up to date on their patches. That’s right, it’s time for Vuln of the Month, January 2023 edition! 

This month we present CVE-2022-44698, a security feature bypass vulnerability in Windows SmartScreen that could pose a solid risk to organizations whose employees are targeted by threat actors. If exploited—and exploits have already been observed—the result can be bypassed security features, such as Mark of the Web (MOTW) defenses designed to protect users from untrusted sources. Our research shows that CVE-2022-44698 meets many of the criteria we look for to be exploited, including: 

• Access complexity: Low 
• Potential attack surface: Global 
• Exploitable remotely: No 
• Authentication/privilege requirements: None 
• Potential impact on availability: Partial 
• Exploit code published: Yes 
• Active exploits observed: Yes 

The Kenna Risk Score for CVE-2022-44698 is 77.3. Just .68% of CVEs earn a higher score. Certainly this would rank as serious in anyone’s book. Compare this to CVSS 3.X, which assigns a “Medium” score of 5.4. This difference highlights how scoring systems differ: In many cases, CVSS scores, whose methodology ignores useful context, can mislead security teams into thinking some vulnerabilities are not as serious as they are. (If you’re still relying on CVSS scores to drive your remediation efforts, we recommend immediately looking into switching out simple vulnerability scores for true risk scores.) 

Why CVE-2022-44698 matters 

Windows vulns always get our attention. This one features low complexity and requires no privilege escalation across a broad swath of Windows systems—all Windows OS versions from Windows 7 and Windows Server 2008 R2. If threat actors can trick targets via phishing emails or social engineering techniques, they can exploit the security feature bypass and threaten the integrity or availability of security features relying on MOTW tagging. This CVE helps avoids the SmartScreen defense mechanism and can result in losing security features like the Protected View feature for Microsoft Office documents. 

Bottom line 

A huge attack surface, possible threats to Windows security features, no privileges, low complexity, functional exploit code and existing exploits all add up to a CVE worth watching.  

Mitigation status 

On Dec. 13, 2022, Microsoft issued patches for all affected Windows versions. It’s recommended that security personnel implement those patches as soon as they can. 

Watch this space for regular Vuln of the Month spotlights, which appear on the second Tuesday of each month. Meanwhile, if you find yourself chasing new and emerging vulns but never quite catching up, learn more about how Kenna Security can help you focus on your highest-risk vulnerabilities, rather than headlines, thanks in part to our vulnerability intelligence powered by machine learning.