Microsoft Warning - Windows Flaw Being Attacked

Uploaded on 2022-10-07 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW

Microsoft security experts have discovered zero-day exploits of a key flaw in its flagship Windows platform and issued a warning saying that its security teams had detected zero-day exploitation of a critical vulnerability that had been previously disclosed. Microsoft released the bulletin telling users to be careful about potential attacks.

The problem lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates, however, attackers are actively exploiting the flaw to gain system privileges on unpatched Windows machines.

“An attacker who successfully exploited this vulnerability could gain system privileges. An attacker must already have access and the ability to run code on the target system... This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,” says Microsoft.

The vulnerability was allegedly reported to Microsoft by four different organisations, suggesting that it was likely used as an exploit chain. No technical details regarding the bug have been released, as it is possible this could help attackers to continue to exploit it. In addition, no indicators of compromise were identified.

The vulnerability can be exploited by an attacker using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website to the same end.

The flaw has a CVSS score of 7.8 out of 10. The latest patch Tuesday covered 64 new vulnerabilities that exist in a range of Windows and OS components, such as SharePoint, Office, Defender, and Microsoft Edge. In addition to Microsoft, software maker Adobe also put out security solutions for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products

As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animage and Illustrator software products. Adobe said it was not aware of any exploits in the wild for any of the patched vulnerabilities.

Microsoft:      Oodaloop:     Security Week:      Forbes:    Port Swigger:    

You Might Also Read: 

Apple Patches Serious Security Flaws With iOS Update:

 

« Check Point Launches Horizon Security
Vulnerabilities In Airline WiFi Devices Expose Passenger Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

C3IA Solutions

C3IA Solutions

C3IA Solutions is an NCSC-certified Cyber Consultancy providing assured, tailored advice to keep your information secure and data protected.

DTEX Systems

DTEX Systems

DTEX Systems is the global leader for insider risk management. We empower organizations to prevent data loss by proactively stopping insider risks from becoming insider threats.

OSSEC

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS).

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

Slovenian Digital Coalition

Slovenian Digital Coalition

Slovenian Digital Coalition is a coalition working in the field of smart cities, e-commerce, e-skills, e-inclusion, cyber security, internet and other areas related to developing the digital society.

RCDevs

RCDevs

RCDevs is an award-winning Software company providing security solutions designed for modern enterprise technologies and suited for SMEs to large corporations.

Innovent Recycling

Innovent Recycling

Innovent Recycling provides a secure IT recycling & data destruction service to all types of organizations across the UK.

ArmorText

ArmorText

ArmorText offers a seamless channel for communication and collaboration for organizations concerned with keeping communication data private and secure.

UltraSoC Technologies

UltraSoC Technologies

JFrog

JFrog

JFrog is on a mission to enable continuous updates through Liquid Software, empowering developers to code high-quality applications that securely flow to end-users with zero downtime.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Port443

Port443

Port443 specialises in providing Security Orchestration, Automation and Remediation (SOAR) "as a service".

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.