Actively exploited Windows vulnerability reaches peak severity when paired with popular attack

May 11, 2022

The severity of an actively exploited Windows security vulnerability rises to the highest severity rating when attackers use it in an NTLM relay attack.

The spoofing vulnerability in the Windows Local Security Authority (LSA) subsystem, tracked as CVE-2022-26925, has a CVSSv3 severity rating of 7.1 on its own, but climbs to 9.8 if used in tandem with an NTLM relay attack, Microsoft said.

NTLM relay attacks exploit Microsoft’s NTLM authentication protocol, now in its thirtieth year and therefore deeply embedded in enterprise networks, allowing attackers to sit between clients and servers, intercept authentication requests, capture credentials and move around networks.

All supported versions of Windows are vulnerable to the attack, and Microsoft said hackers are currently finding ways to exploit it. Industry experts told IT Pro that it’s a bug that should worry every IT professional and one that could lead to remote code execution (RCE).

“While the advisory lists this as a CVSSv3 of 7.1 – the score jumps to a 9.8 when used as a component of an NTLM attack,” said Kev Breen, director of cyber risk investigation at Immersive Labs. “While all servers are impacted – domain controllers must be a priority for security as, once exploited, this provides high-degree access to privileges, typically recognized as ‘the keys to the kingdom’.”

Microsoft has already published an article and a separate advisory for system administrators who are looking for more information on how to protect their environments from NTLM relay attacks.

The Zero Day Initiative (ZDI) also pointed out that the patch affects some backup functionality on Windows Server 2008 SP2, so it is worth reading the vulnerability’s documentation carefully to ensure backups continue to work as expected.

Print Spooler continues to threaten

It has been almost a year since Microsoft’s bungled PrintNightmare fiasco first started affecting Windows devices, and a further three vulnerabilities in Print Spooler, the built-in Windows component, have been addressed in this month’s round of fixes.

Although Microsoft is not aware of any active exploitation, all three vulnerabilities are classified as ‘exploitation more likely’ and should be patched as soon as possible.

“Print Spooler shows that it stays an Achilles heel in business security teams’ infrastructure with the trio of vulnerabilities CVE-2022-29104, CVE-2022-29114, and CVE-2022-29132,” said Breen. “A generally neglected, but nonetheless default, component on all Windows devices, servers, and desktops – Print Spooler still offers an eye-catching bullseye for attackers.”

Back to normality

May 2022’s Patch Tuesday fixed 74 unique vulnerabilities, a figure that’s “par for the course in terms of both number and severity of vulnerabilities,” according to Greg Wiseman, lead product manager at Rapid7, and will theoretically require less patching work compared to last month’s 145 vulnerabilities.

A total of 7 vulnerabilities were labeled as ‘critical’, and three had near-top severity ratings of 9.8/10.

An RCE bug in Windows Network File System, tracked as CVE-2022-26937, is among the three highest-rated flaws. “This can be mitigated by disabling NFSV2 and NFSV3 on the server; however, this may well result in compatibility issues and upgrading is highly encouraged,” said Wiseman.

A set of ten RCE issues in Windows Lightweight Directory Access Protocol (LDAP), two of which were rated 9.8/10 and make up the final two highest-rated vulnerabilities on the list, are also cause for concern.

“With a headline rating of 9.8, a set of 10 remote code execution vulnerabilities in LDAP appear especially threatening; nonetheless, they have been marked by Microsoft as ‘exploitation less likely’ as they require a default configuration unlikely to exist in most environments,” said Breen. “It’s not to say there is no need to patch these, rather a reminder that context is important when prioritising patches.”

Of the 74 total CVEs, 7 were rated ‘critical’, 66 were rated ‘important’, and one was rated ‘low’. Windows administrators are encouraged to update as soon as possible and, unlike with previous releases, the community has responded positively to this month’s patches so far.


Some parts of this article are sourced from:
www.itpro.co.uk
