Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six actively exploited zero days

Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six actively exploited zero days


Image: Getty

Microsoft has released 64 patches addressing security vulnerabilities in its products, including 11 flaws classified as critical and six vulnerabilities actively exploited by cyber attackers.

Security vulnerabilities affect Microsoft products including Windows, Microsoft Azure, Microsoft Exchange Server, Microsoft Office and many others, some of which have been targeted by malicious hackers for months.

Two of the critical updates address security vulnerabilities in Microsoft Exchange Server, which have been under active attack since September – CVE-2022-41028 and CVE-2022-41040.

CVE-2022-41040 is a Server-Side Request Forgery Vulnerability (SSRF), an exploit that allows attackers to make server-side application requests from an unintended location – for example, allowing them to access to internal services without being within the perimeter of the network.

CVE-2022-41082 allows remote code execution when PowerShell is accessible to the attacker. Previously, Microsoft had only released mitigations for the vulnerabilities, but now patches are available which, if applied, can prevent attackers from exploiting them to gain access to networks – and these should be applied as soon as possible.

Also: The Scary Future of the Internet: How Tomorrow’s Technology Will Pose Even Greater Cybersecurity Threats

Another vulnerability described as both critical and actively exploited in the wild is CVE-2022-41128, a remote code execution vulnerability in Windows scripting languages. To exploit the vulnerability, attackers must lure victims to specially crafted websites or servers – which could be achieved with a phishing attack – which they can exploit to execute code.

Microsoft hasn’t specified how widely exploited this vulnerability is, but it’s likely a go-to tool for cybercriminals.

“Given this is a browse and own scenario, I expect this to be a popular bug to include in exploit kits,” said Dustin Childs of Zero Day Initiative, a program to encourage reporting of zero-day vulnerabilities. .

Three of the vulnerabilities rated as “significant” are also being exploited by attackers and should be patched as soon as possible.

These include CVE-2022-41091, a Windows Brand Safety (MotW) feature bypass vulnerability that allows attackers to bypass Microsoft Windows defenses that are meant to identify files from a source untrusted by issuing a security warning.

By correctly exploiting the vulnerability, no alert is issued, which means that the user is unaware that he could be the subject of malicious activity. The vulnerability was publicly disclosed in October and can now be patched.

CVE-2022-41125 is another vulnerability actively exploited and patched by Microsoft’s Patch Tuesday update – an elevation of privilege vulnerability in Windows Cryptography API: Key Isolation Next Generation (CNG) service . If exploited correctly, the vulnerability allows an attacker to execute code.

The sixth vulnerability known to be used by attackers who receive a patch to help protect against exploitation is CVE-2022-41073, a Windows Print Spooler elevation of privilege vulnerability. This is another patch designed to prevent attackers from exploiting Print Nightmare flaws that were first revealed in July last year, but continue to be a popular attack vector. for cyber attackers.

Microsoft did not detail the extent of the attacks after the three “significant” vulnerabilities.

It is recommended to apply Microsoft Patch Tuesday updates as soon as possible to prevent malicious hackers from exploiting vulnerabilities, especially when knowing that several of the flaws are already actively targeted.


#Microsoft #Patch #Tuesday #fixes #critical #security #vulnerabilities #actively #exploited #days

Leave a Comment

Your email address will not be published. Required fields are marked *