Headline
Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]
Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report.
Alternative video link (for Russia): https://vk.com/video-149273431_456239107
The most important news of this Patch Tuesday was a release of patches for ProxyNotShell Remote Code Execution – Microsoft Exchange (CVE-2022-41040, CVE-2022-41082) mentioned in the previous episode. These vulnerabilities became public on September 28, and updates for this vulnerability did not appear until November 8. Microsoft could have acted more quickly. But it’s good that the problem with these actively exploited vulnerabilities is finally solved.
But besides ProxyNotShell, this November Patch Tuesday had a lot of interesting vulnerabilities. Let’s take a look.
$ cat comments_links.txt
Qualys|November 2022 Patch Tuesday|https://blog.qualys.com/vulnerabilities-threat-research/2022/11/08/november-2022-patch-tuesday
ZDI|THE NOVEMBER 2022 SECURITY UPDATE REVIEW|https://www.zerodayinitiative.com/blog/2022/11/8/the-november-2022-security-update-review
$ python3.8 process_classify_ms_products.py # Automated classifier for Microsoft products
$ python3.8 vulristics.py --report-type "ms_patch_tuesday_extended" --mspt-year 2022 --mspt-month "November" --mspt-comments-links-path "comments_links.txt" --rewrite-flag "True"
...
Creating Patch Tuesday profile...
MS PT Year: 2022
MS PT Month: November
MS PT Date: 2022-11-08
MS PT CVEs found: 66
Ext MS PT Date from: 2022-10-12
Ext MS PT Date to: 2022-11-07
Ext MS PT CVEs found: 17
ALL MS PT CVEs: 83
...
All vulnerabilities: 82
Urgent: 1
Critical: 6
High: 19
Medium: 56
Low: 0
Let’s start with vulnerabilities for which there is an exploit or signs of exploitation in the wild.
- Remote Code Execution – Windows Scripting Languages (CVE-2022-41128). Critical RCE affecting the JScript9 scripting language (Microsoft’s legacy JavaScript dialect, used by their Internet Explorer browser). It has been exploited in the wild and successful exploitation requires a user with an affected version of Windows to visit a malicious, attacker controlled server. In doing so, the attackers would get their code to execute on an affected system at the level of the logged-on user. The existence of a public exploit is mentioned in Microsoft CVSS Temporal Score (Functional Exploit).
- Security Feature Bypass – Windows Mark of the Web (CVE-2022-41049, CVE-2022-41091). MoTW is a security feature used to tag files downloaded from the internet and prevent them from performing certain actions. Files flagged with MoTW would be opened in Protected View in Microsoft Office — prompting users with a security warning banner asking them to confirm the document is trusted by selecting Enable content. A malicious actor could craft a file that could bypass MoTW “resulting in a limited loss of integrity and availability of security features such as Protected View.” The existence of a public exploit for CVE-2022-41049 is mentioned in Microsoft CVSS Temporal Score (Functional Exploit). Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB and Microsoft websites.
- Remote Code Execution – OpenSSL (CVE-2022-3602). The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and is known to be affected: Azure SDK for C++,
vcpkg, Microsoft Azure Kubernetes Service. The existence of a public exploit is mentioned on Vulners website. - Memory Corruption – Microsoft Edge (CVE-2022-3723). This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Exploitation in the wild is mentioned on Vulners (cisa_kev object) and AttackerKB websites.
- Elevation of Privilege – Windows CNG Key Isolation Service (CVE-2022-41125). An attacker can abuse this bug to run their code with SYSTEM privileges. They would need to be authenticated, which is why bugs like these are often paired with some form of remote code execution exploit. Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB and Microsoft websites
- Elevation of Privilege – Windows Print Spooler (CVE-2022-41073). The legacy of PrintNightmare continues as threat actors continue to mine the vast attack surface that is the Windows Print Spooler. While we’ve seen plenty of other patches since PrintNightmare, this one is listed as being in the wild. Exploitation in the wild is mentioned on Vulners (cisa_kev object), AttackerKB, Microsoft websites.
Now let’s look at vulnerabilities for which there are no public exploits or signs of exploitation in the wild, but the descriptions of which are interesting enough to pay attention to.
- Elevation of Privilege – Kerberos (CVE-2022-37966). Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. An attacker who successfully exploited this vulnerability could gain administrator privileges. An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment. Vulnerability Exploitability Assessment: Exploitation More Likely. Also pay attention to Elevation of Privilege – Kerberos (CVE-2022-37967).
- Elevation of Privilege – Microsoft Exchange (CVE-2022-41080). The technical details are unknown, and an exploit is not publicly available. Applying a patch is able to eliminate this problem.
- Elevation of Privilege – Netlogon RPC (CVE-2022-38023). Exploitability Assessment: Exploitation More Likely.
Full Vulristics report: ms_patch_tuesday_november2022
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
Related news
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.
Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption in the HPACK parser The unbounded CPU consumption is down to a copy that occurred per-input-block in the parser, and because that could be unbounded due to the memory copy bug we end up with an O(n^2) parsing loop, with n selected by the client. The unbounded memory buffering bugs: - The header size limit check was behind the string reading code, so we needed to first buffer up to a 4 gigabyte string before rejecting it as longer than 8 or 16kb. - HPACK varints have an encoding quirk whereby an infinite number of 0’s can be added at the start of an integer. gRPC’s hpack parser needed to read all of them before concluding a parse. - gRPC’s metadata overflow check was performed per frame, so ...
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource that they did not have access to and consequently could not see, they could query Foundry's Notification API and receive metadata about the issue including the RID of the issue, severity, internal UUID of the author, and the user-defined title of the issue.
The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.
Red Hat Security Advisory 2023-3491-01 - An update for redhat-release-virtualization-host and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Red Hat OpenShift Container Platform release 4.13.0 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-4235: A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If p...
An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-17049: It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.
Red Hat Security Advisory 2023-2136-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.
Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been
Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.
A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These
Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The
Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.
An update for samba is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the s...
An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and server to craft data with the s...
Red Hat Security Advisory 2023-0698-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.10.52.
Red Hat OpenShift Container Platform release 4.10.52 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3064: A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
Red Hat Security Advisory 2023-0637-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-0638-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2023-0639-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
An update for samba is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern e...
An update for samba is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client...
An update for samba is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-38023: A flaw was found in samba. The Netlogon RPC implementations may use the rc4-hmac encryption algorithm, which is considered weak and should be avoided even if the client supports more modern encryption types. This issue could allow an attacker who knows the plain text content communicated between the samba client and serve...
Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.
By Waqas Cybercriminals are leveraging two exploit chains (ProxyNotShell/OWASSRF) to target Microsoft Exchange servers, as warned by Bitdefender Labs. This is a post from HackRead.com Read the original post: New Wave of Cyberattacks Targeting MS Exchange Servers
Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.
Organizations often defer patching because of business disruption fears — but that didn't work out very well for Rackspace's Hosted Exchange service.
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based
The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service.
The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.
The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford,
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows
Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.
IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.
An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is
Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion
Plus: Major patches dropped this month for Chrome, Firefox, VMware, Cisco, Citrix, and SAP.
Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be
<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&
<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&
Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.
Windows Kerberos Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.
Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41091.
Windows Kerberos Elevation of Privilege Vulnerability.
Windows Print Spooler Elevation of Privilege Vulnerability.
Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.
Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.
Windows CNG Key Isolation Service Elevation of Privilege Vulnerability
Windows Scripting Languages Remote Code Execution Vulnerability
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”
Red Hat Security Advisory 2022-7384-01 - The ubi9/openssl image provides provides an openssl command-line tool for using the various functions of the OpenSSL crypto library. Issues addressed include a buffer overflow vulnerability.
An update for openssl-container is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow
Gentoo Linux Security Advisory 202211-1 - Multiple vulnerabilities have been discovered in OpenSSL, the worst of which could result in remote code execution. Versions less than 3.0.7:0/3 are affected.
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
Punycode-related flaw fails the logo test
An update for openssl is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-3602: OpenSSL: X.509 Email Address Buffer Overflow * CVE-2022-3786: OpenSSL: X.509 Email Address Variable Length Buffer Overflow
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to up...
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address to overflow four attacker-controlled bytes on the stack. This buffer overflow could result in a crash (causing a denial of service) or potentially remote code execution. Many platforms implement stack overflow protections which would mitigate against the risk of remote code execution. The risk may be further mitigated based on stack layout for any given platform/compiler. Pre-announcements of CVE-2022-3602 described this issue as CRITICAL. Further analysis based on some of the mitigating factors described above have led this to be downgraded to HIGH. Users are still encouraged to ...
The OpenSSL project has rolled out fixes to contain two high-severity flaws in its widely used cryptography library that could result in a denial-of-service (DoS) and remote code execution. The issues, tracked as CVE-2022-3602 and CVE-2022-3786, have been described as buffer overrun vulnerabilities that can be triggered during X.509 certificate verification by supplying a specially-crafted email
Categories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine (Read more...) The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.
With scant details attached, Google Chrome seeks to shore up yet another exploited zero-day vulnerability.
Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers. There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were. Just as with all other types of mobile apps, there are pitfalls, though. Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...
By Jon Munshaw. Welcome to this week’s edition of the Threat Source newsletter. As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers. There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were. Just as with all other types of mobile apps, there are pitfalls, though. Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to
Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to
Microsoft Exchange Server Remote Code Execution Vulnerability.
Microsoft Exchange Server Elevation of Privilege Vulnerability.
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory
Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory
While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.
While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for securit...
Even organizations that use Exchange Online may still be affected if they run a hybrid server.
Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for securit...
By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers
By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.
The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.