Microsoft Warning - Windows Flaw Being Attacked

Uploaded on 2022-10-07 in BUSINESS-Services-IT & Telecoms, FREE TO VIEW

Microsoft security experts have discovered zero-day exploits of a key flaw in its flagship Windows platform and issued a warning saying that its security teams had detected zero-day exploitation of a critical vulnerability that had been previously disclosed. Microsoft released the bulletin telling users to be careful about potential attacks.

The problem lies in the Windows platform and was fixed in the latest batch of Patch Tuesday updates, however, attackers are actively exploiting the flaw to gain system privileges on unpatched Windows machines.

“An attacker who successfully exploited this vulnerability could gain system privileges. An attacker must already have access and the ability to run code on the target system... This technique does not allow for remote code execution in cases where the attacker does not already have that ability on the target system,” says Microsoft.

The vulnerability was allegedly reported to Microsoft by four different organisations, suggesting that it was likely used as an exploit chain. No technical details regarding the bug have been released, as it is possible this could help attackers to continue to exploit it. In addition, no indicators of compromise were identified.

The vulnerability can be exploited by an attacker using social engineering or phishing tactics to trick a user into opening a malicious document or file or visiting a compromised website to the same end.

The flaw has a CVSS score of 7.8 out of 10. The latest patch Tuesday covered 64 new vulnerabilities that exist in a range of Windows and OS components, such as SharePoint, Office, Defender, and Microsoft Edge. In addition to Microsoft, software maker Adobe also put out security solutions for at least 63 security vulnerabilities in a wide range of widely deployed Windows and macOS software products

As part of the scheduled September batch of Patch Tuesday updates, Adobe called attention to critical-rated bulletins affecting the Adobe Bridge, InDesign, Photoshop, InCopy, Animage and Illustrator software products. Adobe said it was not aware of any exploits in the wild for any of the patched vulnerabilities.

Microsoft:      Oodaloop:     Security Week:      Forbes:    Port Swigger:    

You Might Also Read: 

Apple Patches Serious Security Flaws With iOS Update:

 

« Check Point Launches Horizon Security
Vulnerabilities In Airline WiFi Devices Expose Passenger Data »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigiCert

DigiCert

DigiCert is the only provider of enterprise-grade SSL, IoT and PKI solutions. Our certificates are trusted everywhere, millions of times every day, by companies across the globe.

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

Backup112

Backup112

Backup112 has been delivering professional cloud backup services since 2004.

Paygilant

Paygilant

Paygilant’s disruptive technology is designed to protect mobile payment  financial transactions against fraudulent attacks, whether executed by NFC, QR code, P2P or in-app.

CyberSec.sk (CSSk)

CyberSec.sk (CSSk)

CyberSec.sk is the Slovak portal bringing the latest cyber security news, politics, tips and instructions on how to protect the internet.

redGuardian

redGuardian

redGuardian is a DDoS mitigation solution available both as a BGP-based service and as an on-premise platform.

Beazley

Beazley

Beazley are a specialist insurer with three decades of experience in providing clients with the highest standards of underwriting and claims service worldwide.

Deepnet Security

Deepnet Security

Deepnet Security is a leading security software developer and hardware provider in Multi-Factor Authentication (MFA), Single Sign-On (SSO) and Identity & Access Management (IAM).

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Kordia

Kordia

Kordia is a leading provider of mission-critical technology solutions throughout Australasia. We have the most comprehensive cyber security offering in New Zealand.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Input Output (IOHK)

Input Output (IOHK)

IOHK is one of the world's pre-eminent blockchain infrastructure research and engineering companies.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Secuna Software Technologies

Secuna Software Technologies

Secuna is the most trusted Cybersecurity Testing Platform in the Philippines. Our pool of vetted security researchers will find and ethically report security vulnerabilities in your product.

Central Intelligence Agency (CIA)

Central Intelligence Agency (CIA)

The CIA is an independent agency responsible for providing national security intelligence to senior US policymakers. This includes cyber security related activities.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.