Microsoft Warning - Windows Flaw Being Attacked

Microsoft security experts have detected zero-day exploitation of a critical, previously disclosed vulnerability in its flagship Windows platform. The company released a bulletin warning users to be careful about potential attacks.

The problem lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates. However, attackers are actively exploiting the flaw to gain system privileges on unpatched Windows machines.

“An attacker who successfully exploited this vulnerability could gain system privileges. An attacker must already have access and the ability to run code on the target system... This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,” says Microsoft.

The vulnerability was allegedly reported to Microsoft by four different organisations, suggesting that it was likely used in an exploit chain. No technical details regarding the bug have been released, as these could help attackers to continue to exploit it. In addition, no indicators of compromise were identified.

The vulnerability can be exploited by an attacker who uses social engineering or phishing tactics to trick a user into opening a malicious document or file, or into visiting a compromised website to the same end.

The flaw has a CVSS score of 7.8 out of 10. The latest Patch Tuesday covered 64 new vulnerabilities in a range of Windows and OS components, such as SharePoint, Office, Defender, and Microsoft Edge. In addition to Microsoft, software maker Adobe also released fixes for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products.

As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animate and Illustrator software products. Adobe said it was not aware of any exploits in the wild for any of the patched vulnerabilities.

Sources: Microsoft, Oodaloop, Security Week, Forbes, Port Swigger
