Thursday, December 26, 2024

Microsoft Patchday: Six Vulnerabilities Attacked, Exchange Patches Finally Here

Date:

Currently, attackers are actively exploiting four vulnerabilities in Windows and two vulnerabilities in Exchange Server. Of these, Microsoft classifies three vulnerabilities as “critical” a.

The two Exchange vulnerabilities (CVE-2022-41040, CVE-2022-41082) have been known since the end of September 2022; since then there have also been attacks. Thereafter, Microsoft released various workarounds. But the first ones did not work and had to be improved. Attackers use the vulnerabilities to insert malicious code into systems and install Lockbit ransomware, among other things. Security patches are finally available.

A vulnerability exploited in Windows (CVE-2022-41091medium“) relates to Mark-of-the-Web (MOTW) protection measures. In Windows, protection marks files downloaded from the Internet. If you open a Word document with macros, for example, they are disabled by default Users must explicitly Macros remain a common way for encryption Trojans to sneak onto Windows PCs.

Successful exploitation should also allow attackers to bypass Microsoft Defender SmartScreen. The protection mechanism warns about phishing websites and checks if downloaded files are harmful. In this case, attackers could insert a zip file containing malicious code files into computers and victims would not receive a warning from Windows. The vulnerability was named “ZippyRead”.

The other two exploited Windows vulnerabilities (CVE-2022-41073tall“, CVE-2022-41125tall“) affect Print Spooler and CNG Key Isolation Service. If the attacks are successful, the attackers could gain higher user rights.

Microsoft classifies other vulnerabilities as “critical” a. Below which in Hyper V, Kerberos Y Windows Peer-to-Peer Tunneling. Attackers could get higher rights at these points. Cripple systems through DoS attacks or even execute malicious code.

Anyone who uses Windows and other Microsoft software should make sure that Windows Update is active and that the latest security patches are installed. This happens automatically in the standard Windows configuration.

Microsoft lists remaining vulnerabilities in the Security Update Guide in.


(of)

to the home page

Ebenezer Robbins
Ebenezer Robbins
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.

Share post:

Popular

More like this
Related

How to Use Video Marketing to Promote B2C Products?

Video marketing has emerged as a powerful tool for...

Adapting to Change: The Future for Leopard Tortoise Environments

Leopard tortoises, known for their striking spotted shells and...

Debunking Common Misconceptions in Nail Care

Acrylic nails, a popular choice for those seeking durable...

Top Reasons to Buy Instagram Likes from InsFollowPro.com

Buying Instagram followers is a strategy some individuals and...