Microsoft Warning - Windows Flaw Being Attacked

Uploaded on 2022-10-07 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW

Microsoft security experts have discovered zero-day exploits of a key flaw in its flagship Windows platform and issued a warning saying that its security teams had detected zero-day exploitation of a critical vulnerability that had been previously disclosed. Microsoft released the bulletin telling users to be careful about potential attacks.

The problem lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates, however, attackers are actively exploiting the flaw to gain system privileges on unpatched Windows machines.

“An attacker who successfully exploited this vulnerability could gain system privileges. An attacker must already have access and the ability to run code on the target system... This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,” says Microsoft.

The vulnerability was allegedly reported to Microsoft by four different organisations, suggesting that it was likely used as an exploit chain. No technical details regarding the bug have been released, as it is possible this could help attackers to continue to exploit it. In addition, no indicators of compromise were identified.

The vulnerability can be exploited by an attacker using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website to the same end.

The flaw has a CVSS score of 7.8 out of 10. The latest patch Tuesday covered 64 new vulnerabilities that exist in a range of Windows and OS components, such as SharePoint, Office, Defender, and Microsoft Edge. In addition to Microsoft, software maker Adobe also put out security solutions for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products

As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animage and Illustrator software products. Adobe said it was not aware of any exploits in the wild for any of the patched vulnerabilities.

Microsoft:      Oodaloop:     Security Week:      Forbes:    Port Swigger:    

You Might Also Read: 

Apple Patches Serious Security Flaws With iOS Update:

 

« Check Point Launches Horizon Security
Vulnerabilities In Airline WiFi Devices Expose Passenger Data »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cobwebs Technologies

Cobwebs Technologies

Cobwebs Technologies provide web intelligence solutions for Law Enforcement (including cybercrime), Intelligence Agencies and Federal Agencies.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

Proficio

Proficio

Proficio is a world-class Managed Security Service Provider providing managed detection and response solutions, 24×7 security monitoring and advanced data breach prevention services worldwide.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

ClassNK Consulting Service (NKCS)

ClassNK Consulting Service (NKCS)

ClassNK Consulting provides consulting services to the maritime industry with a focus on safety, security and compliance.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

PagerDuty

PagerDuty

PagerDuty is the central nervous system for a company’s digital operations. We identify issues in real-time and bring together the right people to respond to problems faster.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

WheelHouse IT

WheelHouse IT

WheelHouse IT secures, manages, and advances businesses with innovative, cost-effective IT solutions.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Jericho Security

Jericho Security

Jericho Security is on a mission to defend the world from the new threats of generative AI cyber attacks.

Ark Technology Consultants

Ark Technology Consultants

Ark Technology Consultants is a unique IT Services Firm which blends technology solutions with consultative insight around governance and process management.