Thursday, August 11, 2022
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Microsoft Patch Tuesday: 84 Windows Vulns, Including Already-Exploited Zero-Day

Researcher by Researcher
July 12, 2022
in Cybersecurity
0
High-Severity Flaw in Argo CD is Information Leak Risk
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


Microsoft has issued an urgent Patch Tuesday bulletin to warn of in-the-wild zero-day exploitation of a privilege escalation flaw in the Windows operating system.

The critical vulnerability, flagged as CVE-2022-22047, exists in the Client/Server Runtime Subsystem (csrss.exe) and carries a CVSS severity rating of 7.8.

“An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Redmond’s security response team said in an advisory.

The software giant did not provide any additional details of the live attacks outside of a notification that the issue has not been publicly disclosed.  The company did not provide IOCs (indicators of compromise) to help defenders hunt for signs of compromise.

Microsoft credited its own MSTIC (Microsoft Threat Intelligence Center) and MSRC (Microsoft Security Response Center) units with the discovery of the zero-day exploitation.

[ READ: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop ]

The Windows CSRSS privilege escalation flaw headlines a very busy Patch Tuesday that includes fixes for at least 84 documented vulnerabilities across the Windows ecosystem.

According to the Zero Day Initiative (ZDI), the July Patch Tuesday rollout did not include any fixes for the recent Pwn2Own competition where hackers exploited unpatched flaws in Windows 11 and Microsoft Teams.  At that event, Pwn2Own participants demonstrated six Windows 11 privilege escalation flaws and three Microsoft Teams exploit chains.

The 84 documented vulnerabilities (counting by CVE) affect a range of OS components, including Microsoft Office, BitLocker, Microsoft Defender, Windows Azure and Windows Windows Hyper-V.

According to Microsoft’s documentation, 4 of the 84 vulnerabilities carry the highest “critical” severity rating.  The remaining bugs are rated “important” in severity.

[ READ: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities ]

Redmond’s patches come just hours after software maker Adobe patched 22 documented vulnerabilities in a range of desktop products, some serious enough to cause arbitrary code execution attacks.

The patches, available for Adobe Acrobat and Reader for Windows and macOS, affect Adobe Acrobat/Reader, Adobe Photoshop, Adobe RoboHelp and Adobe Character Animator.

According to an advisory from Adobe, the Acrobat/Reader update address  multiple critical vulnerabilities that could expose computer users to arbitrary code execution and memory leak attacks.

Adobe said it was not aware of in-the-wild exploits prior to the availability of patches. 

Related: ICS Patch Tuesday: Siemens, Schneider Electric Address 59 Vulnerabilities

Related: Patch Tuesday: Microsoft Calls Attention to ‘Wormable’ Windows

Related: Adobe Patch Tuesday: Critical Flaws in Acrobat, Reader, Photoshop

view counter

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series.
Ryan is a veteran cybersecurity strategist who has built security engagement programs at major global brands, including Intel Corp., Bishop Fox and Kaspersky GReAT. He is a co-founder of Threatpost and the global SAS conference series. Ryan’s past career as a security journalist included bylines at major technology publications including Ziff Davis eWEEK, CBS Interactive’s ZDNet, PCMag and PC World.
Ryan is a director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
Follow Ryan on Twitter @ryanaraine.

Previous Columns by Ryan Naraine:
Tags:





Source link

Related articles

U.S. Gov Offers $5M Reward For North Korean Cybercrime Intel

How Three Ransomware Groups Targeted One Vulnerable Network

August 11, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Organizations Warned of Critical Vulnerabilities in NetModule Routers

August 11, 2022
Tags: AlreadyExploitedincludingMicrosoftPatchTuesdayVulnsWindowszeroday
Share76Tweet47

Related Posts

U.S. Gov Offers $5M Reward For North Korean Cybercrime Intel

How Three Ransomware Groups Targeted One Vulnerable Network

August 11, 2022
0

“This is something we’re seeing affecting more and more organizations, and it’s likely due to an increasingly crowded market for...

High-Severity Flaw in Argo CD is Information Leak Risk

Organizations Warned of Critical Vulnerabilities in NetModule Routers

August 11, 2022
0

Flashpoint is warning organizations of two newly identified critical vulnerabilities in NetModule Router Software (NRSW) that could be exploited in...

Top 5 best backup practices

Top 5 best backup practices

August 10, 2022
0

Give yourself peace of mind by implementing a new backup strategy with our tips. Image: apinan/Adobe Stock You know that...

NVIDIA Fixes High-Severity Flaws in Graphics Drivers For Windows, Linux

Microsoft Fixes Known, Exploited Flaw in Windows Diagnostic Tool

August 10, 2022
0

Microsoft said it fixed a variant of a publicly known vulnerability that was first reported to the company in 2019....

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
0

A former Twitter worker was found guilty on Tuesday of spying for Saudi officials keen to unmask critics on the...

Load More
  • Trending
  • Comments
  • Latest
Brave browser’s Tor mode exposed users’ dark web activity

Brave browser’s Tor mode exposed users’ dark web activity

February 18, 2022
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
U.S. Gov Offers $5M Reward For North Korean Cybercrime Intel

How Three Ransomware Groups Targeted One Vulnerable Network

August 11, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Organizations Warned of Critical Vulnerabilities in NetModule Routers

August 11, 2022
Join the SD-WAN webinar: How to Extend Network Visibility and Optimize the SaaS Experience

Join the SD-WAN webinar: How to Extend Network Visibility and Optimize the SaaS Experience

August 11, 2022
Makulu Linux Shift makes shifting between desktop layouts easy

Makulu Linux Shift makes shifting between desktop layouts easy

August 10, 2022

Recent Posts

U.S. Gov Offers $5M Reward For North Korean Cybercrime Intel

How Three Ransomware Groups Targeted One Vulnerable Network

August 11, 2022
High-Severity Flaw in Argo CD is Information Leak Risk

Organizations Warned of Critical Vulnerabilities in NetModule Routers

August 11, 2022
Join the SD-WAN webinar: How to Extend Network Visibility and Optimize the SaaS Experience

Join the SD-WAN webinar: How to Extend Network Visibility and Optimize the SaaS Experience

August 11, 2022

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • Malware
  • Networking
  • Protection

Tags

Access Android attack Attacks banking BiWeekly bug Cisco critical Cyber Cybersecurity Data devices Digital exploited financial Finds Fintech Flaw flaws Google Group Hackers Krebs Latest malware Microsoft million Network News open Payments phishing Ransomware RoundUp security Software TFT Threat Top vulnerability warns Week Windows zeroday

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved