
The Cyber Security News


Microsoft Fixes Two Zero-Days This Patch Tuesday

September 14, 2022

Microsoft released fixes for more than 60 CVEs this month, including two zero-day vulnerabilities, one of which is being actively exploited in the wild.

The latter is an elevation of privilege vulnerability in Windows Common Log File System Driver (CVE-2022-37969), which impacts all Windows versions and could allow attackers to gain system privileges.

“The attack does require the attacker to have access and ability to run code on the target system, but chaining multiple vulnerabilities in an attack is common enough practice that this should be considered a minor barrier for threat actors,” explained Ivanti VP of security products, Chris Goettl.


“The vulnerability is rated as ‘important,’ but with a number of vendors acknowledged for the coordinated disclosure and confirmed exploits in the wild it should really be treated as a ‘critical’ severity due to the risk. Exploitation has already been detected and additional information could have been disclosed, making it easier for more attackers to take advantage of the vulnerability.”

The second publicly disclosed bug is found in ARM-based Windows 11 systems and could allow cache speculation restriction (CVE-2022-23960). Known as Spectre-BHB, it could be described as a side-channel speculation vulnerability in ARM processors.

This month’s Patch Tuesday update round has seen Microsoft pass 1000 CVEs for the year, putting the company on track to exceed the 1200 it fixed in 2021, according to Qualys.

There are a total of five critical patches for sysadmins to consider this month, including remote code execution bugs CVE-2022-34722 and CVE-2022-34721, which affect Windows Internet Key Exchange (IKE) Protocol Extensions. Both have a CVSS score of 9.8.

“They both have low complexity for exploitation and allow threat actors to execute the attack with no user interaction. An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could allow remote code execution,” warned Action1 co-founder, Mike Walters.

“This vulnerability impacts only IKEv1 and not IKEv2. However, all Windows Servers are impacted because they accept both V1 and V2 packets. There is no exploit or proof-of-concept detected in the wild yet, but installing the fix is highly advisable.”
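
Because the two IKE bugs affect only IKEv1 while servers accept both versions, a defender triaging exposure can separate IKEv1 from IKEv2 traffic by the version byte of the fixed IKE header (RFC 2408 / RFC 7296). The Python below is an added example, not code from the article or from Microsoft; the function names and the sample packets (documentation IP ranges) are constructed for illustration.

```python
import struct

# Fixed 28-byte IKE header: initiator SPI, responder SPI, next payload,
# version (major nibble / minor nibble), exchange type, flags, message ID, length.
IKE_HEADER = struct.Struct("!8s8sBBBBII")
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948: precedes IKE on UDP/4500


def ike_version(udp_payload, dst_port=500):
    """Return 'IKEv1', 'IKEv2' or None for a UDP payload seen on port 500/4500."""
    data = udp_payload
    if dst_port == 4500:
        if not data.startswith(NON_ESP_MARKER):
            return None  # ESP-in-UDP or NAT keepalive, not an IKE message
        data = data[len(NON_ESP_MARKER):]
    if len(data) < IKE_HEADER.size:
        return None
    version, length = IKE_HEADER.unpack_from(data)[3], IKE_HEADER.unpack_from(data)[7]
    if length < IKE_HEADER.size:
        return None  # length field cannot be smaller than the header itself
    return {1: "IKEv1", 2: "IKEv2"}.get(version >> 4)


def ikev1_peers(packets):
    """Map each destination host to the set of sources that sent it IKEv1."""
    seen = {}
    for src, dst, dport, payload in packets:
        if ike_version(payload, dport) == "IKEv1":
            seen.setdefault(dst, set()).add(src)
    return seen


def sample_message(version, exchange, marker=False):
    """Build a constructed header-only IKE message (no payloads) for the demo."""
    hdr = IKE_HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exchange,
                          0, 0, IKE_HEADER.size)
    return NON_ESP_MARKER + hdr if marker else hdr


# Constructed sample traffic: (source, destination, destination port, UDP payload)
SAMPLE_PACKETS = [
    ("192.0.2.10", "198.51.100.5", 500, sample_message(0x10, 2)),    # IKEv1 main mode
    ("192.0.2.11", "198.51.100.5", 500, sample_message(0x20, 34)),   # IKEv2 IKE_SA_INIT
    ("192.0.2.12", "198.51.100.5", 4500, sample_message(0x10, 2, marker=True)),
    ("192.0.2.13", "198.51.100.6", 4500, b"\xff"),                   # NAT keepalive
]

if __name__ == "__main__":
    for dst, srcs in ikev1_peers(SAMPLE_PACKETS).items():
        print(dst, "received IKEv1 from", sorted(srcs))
```

Hosts that never see legitimate IKEv1 peers are candidates for restricting inbound UDP 500/4500 in addition to installing the fix.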


Some parts of this article are sourced from:
www.infosecurity-journal.com
