Microsoft on Tuesday rolled out its regular security updates with fixes for 51 vulnerabilities throughout its application line-up consisting of Windows, Place of work, Teams, Azure Facts Explorer, Visual Studio Code, and other parts these kinds of as Kernel and Get32k.
Among the the 51 problems shut, 50 are rated Critical and a person is rated Moderate in severity, building it a single of the scarce Patch Tuesday updates without the need of any fixes for Critical-rated vulnerabilities. This is also in addition to 19 extra flaws the firm tackled in its Chromium-based Edge browser.
None of the security vulnerabilities are listed as below energetic exploit, even though of the flaws — CVE-2022-21989 (CVSS score: 7.8) — has been categorized as a publicly disclosed zero-day at the time of the launch. The issue worries a privilege escalation bug in Windows Kernel, with Microsoft warning of probable attacks exploiting the shortcoming.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
“Prosperous exploitation of this vulnerability involves an attacker to acquire added steps prior to exploitation to prepare the target natural environment,” the business noted in its advisory. “A thriving attack could be performed from a lower privilege AppContainer. The attacker could elevate their privileges and execute code or access methods at a larger integrity stage than that of the AppContainer execution setting.”
Also fixed are a range of distant code execution vulnerabilities affecting Windows DNS Server (CVE-2022-21984, CVSS rating: 8.8), SharePoint Server (CVE-2022-22005, CVSS score: 8.8), Windows Hyper-V (CVE-2022-21995, CVSS rating: 5.3), and HEVC Movie Extensions (CVE-2022-21844, CVE-2022-21926, and CVE-2022-21927, CVSS scores: 7.8).
The security update also remediates a Azure Details Explorer spoofing vulnerability (CVE-2022-23256, CVSS rating: 8.1), two security bypass vulnerabilities just about every impacting Outlook for Mac (CVE-2022-23280, CVSS rating: 5.3) and OneDrive for Android (CVE-2022-23255, CVSS score: 5.9), and two denial-of-assistance vulnerabilities in .NET (CVE-2022-21986, CVSS rating: 7.5) and Teams (CVE-2022-21965, CVSS rating: 7.5).
Microsoft also explained it remediated a number of elevation of privilege flaws — 4 in the Print Spooler service and just one in the Win32k driver (CVE-2022-21996, CVSS rating: 7.8), the latter of which has been labeled “Exploitation A lot more Likely” in mild of a equivalent vulnerability in the similar part that was patched last month (CVE-2022-21882) and has appear considering that under lively attack.
The updates arrive as the tech giant late very last thirty day period republished a vulnerability relationship again to 2013 — a signature validation issue affecting WinVerifyTrust (CVE-2013-3900) — noting that the correct is “readily available as an decide-in feature by means of reg key location, and is offered on supported editions of Windows released given that December 10, 2013.”
The move may perhaps have been spurred in reaction to an ongoing ZLoader malware marketing campaign that, as uncovered by Check out Issue Investigate in early January, was discovered leveraging the flaw to bypass the file signature verification mechanism and fall malware able of siphoning consumer qualifications and other delicate data.
Software Patches from Other Vendors
Moreover Microsoft, security updates have also been released by other suppliers to rectify many vulnerabilities, counting —
- Adobe
- Android
- Cisco
- Citrix
- Google Chrome
- Intel
- Linux distributions Oracle Linux, Purple Hat, and SUSE
- Mozilla Firefox and Firefox ESR
- SAP
- Schneider Electric, and
- Siemens
Found this article attention-grabbing? Observe THN on Fb, Twitter and LinkedIn to study far more exclusive information we put up.
Some components of this article are sourced from:
thehackernews.com