• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
microsoft patch tuesday fixes windows 11 system reset bug

Microsoft Patch Tuesday fixes Windows 11 system reset bug

You are here: Home / General Cyber Security News / Microsoft Patch Tuesday fixes Windows 11 system reset bug
March 9, 2022

Getty Illustrations or photos

Microsoft has produced this month’s rating of patches for Windows security flaws, correcting a bug found in February that prevented some people from erasing all their data files right after a procedure reset.

The Windows manual reset possibility is built to correctly restore a gadget to its manufacturing facility-shipped settings, eradicating user information. Microsoft revealed a workaround at the time, but the updates to Windows 11 and Windows 10 released on Tuesday will eliminate the bug, although Microsoft did say it may choose up to 7 times for the modifications to get effect. 

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


A full of 92 vulnerabilities have been patched across Windows and other Microsoft products and solutions, like a few critical-rated remote code execution (RCE) vulnerabilities and a few security element bypass flaws.

Two of the critical-rated flaws afflicted Online video Extensions for ads, tracked as CVE-2022-24501 and CVE-2022-22006, and equally were being ready to be exploited to obtain RCE with a ‘low’ attack complexity.

In each circumstances, an attacker would have to have to persuade a user to obtain a specially crafted file that would direct to a crash. Productive attackers would also need local access to a victim’s machine, either by using its mouse and keyboard or a protected shell link (SSH).

The other critical flaw, tracked as CVE-2022-23277, is a remote code execution vulnerability in Microsoft Trade Server with a reduced diploma of attack complexity and low privileges required to exploit. In all three scenarios, there is no recognized exploit code out there, but patching is nevertheless suggested, especially for security vulnerabilities of this severity.

“The vulnerability most possible to increase eyebrows this month is CVE-2022-23277, a Critical RCE impacting Exchange Server,” reported Greg Wiseman, lead product manager at Fast7. 

“Thankfully, this is a publish-authentication vulnerability, indicating attackers will need credentials to exploit it. Though passwords can be received by using phishing and other indicates, this 1 should not be as rampantly exploited as the deluge of Exchange vulnerabilities we saw throughout 2021. Trade directors should really however patch as quickly as fairly probable.

A complete of 29 RCE vulnerabilities ended up dealt with in Microsoft’s March ‘Patch Tuesday’, and 3 of the whole 92 flaws experienced been formerly disclosed. 

Of these a few previously known issues, each CVE-2022-21990 and CVE-2022-24459, RCE and privilege escalation vulnerabilities respectively, have recognized proofs-of-notion (PoC) offered but no exploitation has been observed in the wild.

The final identified vulnerability was an RCE flaw influencing .NET and Visible Studio this has also now been patched but no PoC code is assumed to have been made, Microsoft claimed. It would be difficult to exploit this vulnerability by itself, and would be additional most likely utilised as aspect of a chained attack, it additional.

Other vulnerabilities this sort of as privilege escalation, security aspect bypass, information disclosure, denial of assistance, and spoofing flaws were also identified throughout Microsoft’s merchandise. All updates are out there in the Microsoft Update Catalog now.


Some components of this posting are sourced from:
www.itpro.co.uk

Previous Post: «Cyber Security News Car Dealership Employees Begin Legal Case Following Breach
Next Post: Over half of London councils lack cyber insurance over half of london councils lack cyber insurance»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.