The Cyber Security News


CISA Orders Federal Agencies to Patch Actively Exploited Windows Vulnerability

February 7, 2022

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is urging federal agencies to secure their systems against an actively exploited security vulnerability in Windows that could be abused to gain elevated permissions on affected hosts.

To that end, the agency has added CVE-2022-21882 (CVSS score: 7.) to the Known Exploited Vulnerabilities Catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to patch all systems against this vulnerability by February 18, 2022.

“These kinds of vulnerabilities are a frequent attack vector for destructive cyber actors of all types and pose substantial risk to the federal enterprise,” CISA said in an advisory published last week.

CVE-2022-21882, which has been tagged with an “Exploitation More Likely” exploitability index assessment, concerns an elevation of privilege vulnerability affecting the Win32k component. The bug was resolved by Microsoft as part of its January 2022 Patch Tuesday updates.

“A local, authenticated attacker could obtain elevated local system or administrator privileges by a vulnerability in the Win32k.sys driver,” the Windows maker said. The flaw impacts Windows 10, Windows 11, Windows Server 2019, and Windows Server 2022.

It's worth noting that the security vulnerability is also a bypass for another escalation of privilege flaw in the same module (CVE-2021-1732, CVSS score: 7.8) that Microsoft resolved in February 2021 and has since been detected in exploits in the wild.

Some parts of this article are sourced from:
thehackernews.com
