• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft issues patches for 121 flaws, including zero day under active

Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack

You are here: Home / General Cyber Security News / Microsoft Issues Patches for 121 Flaws, Including Zero-Day Under Active Attack
August 10, 2022

As lots of as 121 new security flaws were being patched by Microsoft as section of its Patch Tuesday updates for the month of August, which also incorporates a correct for a Aid Diagnostic Instrument vulnerability that the company said is currently being actively exploited in the wild.

Of the 121 bugs, 17 are rated Critical, 102 are rated Essential, one particular is rated Average, and just one is rated Low in severity. Two of the issues have been outlined as publicly acknowledged at the time of the launch.

It is really value noting that the 121 security flaws are in addition to 25 shortcomings the tech big dealt with in its Chromium-centered Edge browser late past month and the prior week.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Topping the record of patches is CVE-2022-34713 (CVSS score: 7.8), a scenario of distant code execution affecting the Microsoft Windows Assistance Diagnostic Instrument (MSDT), building it the second flaw in the exact same ingredient immediately after Follina (CVE-2022-30190) to be weaponized in real-environment attacks in 3 months.

CyberSecurity

The vulnerability is also explained to be a variant of the flaw publicly recognised as DogWalk, which was originally disclosed by security researcher Imre Rad in January 2020.

“Exploitation of the vulnerability requires that a consumer open up a specially crafted file,” Microsoft mentioned in an advisory. “In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the person and convincing the consumer to open the file.”

Alternatively, an attacker could host a site or leverage an by now compromised web page that includes a malware-laced file built to exploit the vulnerability, and then trick potential targets into clicking on a backlink in an email or an immediate information to open up the document.

“This is not an uncommon vector and malicious files and back links are nonetheless employed by attackers to great result,” Kev Breen, director of cyber menace investigate at Immersive Labs, claimed. “It underscores the want for upskilling staff to be wary of such attacks.”

CVE-2022-34713 is 1 of the two distant code execution flaws in MSDT closed by Redmond this thirty day period, the other becoming CVE-2022-35743 (CVSS score: 7.8). Security scientists Monthly bill Demirkapi and Matt Graeber have been credited with reporting the vulnerability.

Microsoft also fixed 3 privilege escalation flaws in Trade Server that could be abused to read through specific email messages and download attachments (CVE-2022-21980, CVE-2022-24477, and CVE-2022-24516) and one particular publicly-recognized facts disclosure vulnerability (CVE-2022-30134) in Exchange which could as well guide to the similar effects.

“Directors need to permit Extended Security in purchase to thoroughly remediate this vulnerability,” Greg Wiseman, solution manager at Swift7, commented about CVE-2022-30134.

The security update even further remediates numerous remote code execution flaws in Windows Place-to-Point Protocol (PPP), Windows Safe Socket Tunneling Protocol (SSTP), Azure RTOS GUIX Studio, Microsoft Workplace, and Windows Hyper-V.

CyberSecurity

The Patch Tuesday correct is also notable for addressing dozens of privilege escalation flaws: 31 in Azure Web-site Restoration, a thirty day period just after Microsoft squashed 30 related bugs in the small business continuity support, 5 in Storage Areas Immediate, 3 in Windows Kernel, and two in the Print Spooler module.

Application Patches from Other Distributors

Aside from Microsoft, security updates have also been introduced by other distributors given that the get started of the thirty day period to rectify a number of vulnerabilities, including —

  • Adobe
  • AMD
  • Android
  • Apache Tasks
  • Cisco
  • Citrix
  • Dell
  • F5
  • Fortinet
  • GitLab
  • Google Chrome
  • HP
  • IBM
  • Intel
  • Linux distributions Debian, Oracle Linux, Pink Hat, SUSE, and Ubuntu
  • MediaTek
  • NVIDIA
  • Qualcomm
  • Samba
  • SAP
  • Schneider Electric
  • Siemens, and
  • VMware

Identified this report appealing? Follow THN on Facebook, Twitter  and LinkedIn to examine a lot more exceptional information we put up.


Some elements of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News New Malicious Python Libraries Found on PyPI Repository
Next Post: CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems cisa issues warning on active exploitation of unrar software for»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New FjordPhantom Android Malware Targets Banking Apps in Southeast Asia
  • Qakbot Takedown Aftermath: Mitigations and Protecting Against Future Threats
  • Chinese Hackers Using SugarGh0st RAT to Target South Korea and Uzbekistan
  • Discover How Gcore Thwarted Powerful 1.1Tbps and 1.6Tbps DDoS Attacks
  • WhatsApp’s New Secret Code Feature Lets Users Protect Private Chats with Password
  • U.S. Treasury Sanctions North Korean Kimsuky Hackers and 8 Foreign Agents
  • Zyxel Releases Patches to Fix 15 Flaws in NAS, Firewall, and AP Devices
  • Zero-Day Alert: Apple Rolls Out iOS, macOS, and Safari Patches for 2 Actively Exploited Flaws
  • Google Unveils RETVec – Gmail’s New Defense Against Spam and Malicious Emails
  • North Korea’s Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks

Copyright © TheCyberSecurity.News, All Rights Reserved.