Microsoft Warning - Windows Flaw Being Attacked

Uploaded on 2022-10-07 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW

Microsoft security experts have discovered zero-day exploits of a key flaw in its flagship Windows platform and issued a warning saying that its security teams had detected zero-day exploitation of a critical vulnerability that had been previously disclosed. Microsoft released the bulletin telling users to be careful about potential attacks.

The problem lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates, however, attackers are actively exploiting the flaw to gain system privileges on unpatched Windows machines.

“An attacker who successfully exploited this vulnerability could gain system privileges. An attacker must already have access and the ability to run code on the target system... This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,” says Microsoft.

The vulnerability was allegedly reported to Microsoft by four different organisations, suggesting that it was likely used as an exploit chain. No technical details regarding the bug have been released, as it is possible this could help attackers to continue to exploit it. In addition, no indicators of compromise were identified.

The vulnerability can be exploited by an attacker using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website to the same end.

The flaw has a CVSS score of 7.8 out of 10. The latest patch Tuesday covered 64 new vulnerabilities that exist in a range of Windows and OS components, such as SharePoint, Office, Defender, and Microsoft Edge. In addition to Microsoft, software maker Adobe also put out security solutions for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products

As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animage and Illustrator software products. Adobe said it was not aware of any exploits in the wild for any of the patched vulnerabilities.

Microsoft:      Oodaloop:     Security Week:      Forbes:    Port Swigger:    

You Might Also Read: 

Apple Patches Serious Security Flaws With iOS Update:

 

« Check Point Launches Horizon Security
Vulnerabilities In Airline WiFi Devices Expose Passenger Data »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

OpenText

OpenText

OpenText is a leader in Enterprise Information Management software and a portfolio of related solutions for Information Governance, Compliance, Information Security and Privacy.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Scout Ventures

Scout Ventures

Scout Ventures is an early stage venture capital firm that is making the world a better, safer place by cultivating standout frontier technologies.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

Silicon Cloud International

Silicon Cloud International

Silicon Cloud is a high performance and secure cloud computing platform for engineering and scientific applications.

BIO-key

BIO-key

BIO-key is a pioneer and innovator, we are recognized as a leading developer of fingerprint biometric authentication and security solutions.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

BlueAlly

BlueAlly

BlueAlly helps clients scale, optimize, and manage their IT resources to reach their business goals.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Beazley Security

Beazley Security

Beazley Security is a global cyber security firm committed to helping clients develop true cyber resilience: the ability to withstand and recover from any cyberattack.

Nothreat

Nothreat

Nothreat has revolutionized how businesses like yours protect themselves from damaging cyber attacks. Our tech learns and adapts in real time, protecting clients from even zero-day attacks.