Security
Headlines
HeadlinesLatestCVEs

Headline

Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

By Deeba Ahmed Microsoft has urged Windows Administrators to install the updates urgently so make sure you have the latest patches installed! This is a post from HackRead.com Read the original post: Microsoft Issues Patches to Fix 6 Active 0-Day Windows Vulnerabilities

HackRead
#vulnerability#web#mac#windows#apple#google#microsoft#dos#js#rce#ssrf#zero_day#chrome#ssl

It is no surprise that Microsoft’s products are on the hit list of cyber attacks, given the steadily increasing number of zero-day attacks against them. It is the second time in two months that the reputed software maker has released patches to fix already exploited zero-days in its scheduled Patch Tuesday update. The company urged Windows Administrators to install the updates urgently.

The details of these flaws and the subsequent fixes are as follows:

Microsoft Fixes Crucial Flaws in Patch Tuesday Update

According to the tech giant, in its monthly security update, Patch Tuesday, the company has released patches for 68 vulnerabilities, including six unique, actively exploited zero-days. These flaws were flagged in the Exploitation Category. This includes two fixes for Exchange Server security flaws that a state-sponsored entity exploited for several months.

Twelve flaws were marked Critical, two of which were rated High, whereas fifty-five were rated Important in severity. The company also released patches for weaknesses fixed the previous week by OpenSSL.

Microsoft separately fixed another actively exploited vulnerability, CVE-2022-3723. It was detected in Chromium-based browsers.

Zero-Days Details

Microsoft’s security response team described four new and already exploited zero-days tracked as CVE-2022-41125, CVE-2022-41073, CVE-2022-41091, and CVE-2022-41128.

The CVE-2022-41128 was detected by Google TAG’s Benoît Sevens and Clément Lecigne, found in the Jscript9 component. It occurred when the target was lured to visit a malicious website.

The CVE-2022-41091 is a security bypass flaw in Windows MoTW (Mark of the Web), which was recently discovered to be weaponized by the Magniber ransomware actor, and users were targeted with fake software updates. A malicious file could help the attacker evade MoTW defenses that lead to loss of integrity and security features like MS Office’s Protected View, Microsoft’s advisory read.

Microsoft Exchange Server Vulnerabilities

In addition, they also patched two Microsoft Exchange server flaws tracked as CVE-2022-41040 and CVE-2022-41082. These exploits were used for privilege escalation, RCE (remote code execution), and feature bypassing.

The first four flaws impacted the Windows CNG Key Isolation Service, the Windows Print Spooler, Windows Mark of the Web Security, and Windows Scripting Languages. The other two flaws that affected Exchange Server entailed an RCE, and a privilege escalation bug, which was actually part of an extended exploit chain that Microsoft believes was exploited by a state-sponsored threat actor.

According to Microsoft, due to security issues, at least ten organizations have been targeted. Both flaws are documented as SSRF (server-side request forgery) issues.

Critical Vulnerabilities Fixed in November

Other Critical-rated vulnerabilities were privilege escalation flaws discovered in Windows Kerberos RC4-HMAC (CVE-2022-37966), Kerberos (CVE-2022-37967), and Microsoft Exchange Server (CVE-2022-41080). Moreover, a denial-of-service flaw was also fixed that impacted Windows Hyper-V (CVE-2022-38015).

  1. Chinese Hackers Hiding Malware in Windows Logo
  2. Hackers Abusing Microsoft Dynamics 365 Customer Voice
  3. Microsoft Office Most Exploited Software in Malware Attacks
  4. Apple Safari Safest, Google Chrome Riskiest Browser of 2022
  5. Scammers Leveraging Microsoft Team GIFs in Phishing Attacks

Related news

North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware

The North Korean threat actor known as ScarCruft has been linked to the zero-day exploitation of a now-patched security flaw in Windows to infect devices with malware known as RokRAT. The vulnerability in question is CVE-2024-38178 (CVSS score: 7.5), a memory corruption bug in the Scripting Engine that could result in remote code execution when using the Edge browser in Internet Explorer Mode.

Gentoo Linux Security Advisory 202309-06

Gentoo Linux Security Advisory 202309-6 - Multiple vulnerabilities have been discovered in Samba, the worst of which could result in root remote code execution. Versions greater than or equal to 4.18.4 are affected.

Microsoft Fixes 69 Bugs, but None Are Zero-Days

The June 2023 Patch Tuesday security update included fixes for a bypass for two previously addressed issues in Microsoft Exchange and a critical elevation of privilege flaw in SharePoint Server.

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.

RHSA-2023:2570: Red Hat Security Advisory: krb5 security, bug fix, and enhancement update

An update for krb5 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-17049: It was found that the Kerberos Key Distribution Center (KDC) delegation feature, Service for User (S4U), did not sufficiently protect the tickets it's providing from tempering. A malicious, authenticated service principal allowed to delegate could use this flaw to impersonate a non-forwardable user.

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.

Google Releases Urgent Chrome Update to Fix Actively Exploited Zero-Day Vulnerability

Google on Friday released out-of-band updates to resolve an actively exploited zero-day flaw in its Chrome web browser, making it the first such bug to be addressed since the start of the year. Tracked as CVE-2023-2033, the high-severity vulnerability has been described as a type confusion issue in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been

Google: Commercial Spyware Used by Governments Laden With Zero-Day Exploits

Google TAG researchers reveal two campaigns against iOS, Android, and Chrome users that demonstrate how the commercial surveillance market is thriving despite government-imposed limits.

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group (TAG) has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap between the release of a fix and when it was actually deployed on the targeted devices. "These

Attackers Are Probing for Zero-Day Vulns in Edge Infrastructure Products

Nearly 20% of the zero-day flaws that attackers exploited in 2022 were in network, security, and IT management products, Mandiant says.

From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022

As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significant uptick in recent years of threat actors leveraging unknown security flaws to their advantage. The

Ubuntu Security Notice USN-5936-1

Ubuntu Security Notice 5936-1 - Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service. Tom Tervoort discovered that Samba incorrectly used weak rc4-hmac Kerberos keys. A remote attacker could possibly use this issue to elevate privileges.

Avast Threat Report: Consumers Plagued With Refund Fraud, Tech Support Scams, and Adware

Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.

Ubuntu Security Notice USN-5822-2

Ubuntu Security Notice 5822-2 - USN-5822-1 fixed vulnerabilities in Samba. The update for Ubuntu 20.04 LTS introduced regressions in certain environments. Pending investigation of these regressions, this update temporarily reverts the security fixes. It was discovered that Samba incorrectly handled the bad password count logic. It was discovered that Samba supported weak RC4/HMAC-MD5 in NetLogon Secure Channel. Greg Hudson discovered that Samba incorrectly handled PAC parsing. Joseph Sutton discovered that Samba could be forced to issue rc4-hmac encrypted Kerberos tickets.

Ubuntu Security Notice USN-5822-1

Ubuntu Security Notice 5822-1 - It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. Evgeny Legerov discovered that Samba incorrectly handled buffers in certain GSSAPI routines of Heimdal. A remote attacker could possibly use this issue to cause Samba to crash, resulting in a denial of service.

Microsoft Issues January 2023 Patch Tuesday Updates, Warns of Zero-Day Exploit

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild. 11 of the 98 issues are rated Critical and 87 are rated Important in severity, with the vulnerabilities also listed as publicly known at the time of release. Separately, the Windows maker is expected to release

Rackspace Confirms Play Ransomware Gang Responsible for Recent Breach

Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach. The security incident, which took place on December 2, 2022, leveraged a previously unknown security exploit to gain initial access to the Rackspace Hosted Exchange email environment. "This zero-day exploit is associated with CVE-2022-41080," the Texas-based

Rackspace Sunsets Email Service Downed in Ransomware Attack

The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service.

Rackspace: Ransomware Attack Bypassed ProxyNotShell Mitigations

The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.

Ransomware Attackers Bypass Microsoft's ProxyNotShell Mitigations With Fresh Exploit

The Play ransomware group was spotted exploiting another little-known SSRF bug to trigger RCE on affected Exchange servers.

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford,

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows

December 2022 Patch Tuesday: Get Latest Security Updates from Microsoft and More

Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been addressed in the Chromium-based Edge browser since the start of the month.

APT37 Uses Internet Explorer Zero-Day to Spread Malware

IE is still a vector: South Koreans lured in with references to the deadly Halloween celebration crowd crush in Seoul last October.

Google Warns of Internet Explorer Zero-Day Vulnerability Exploited by ScarCruft Hackers

An Internet Explorer zero-day vulnerability was actively exploited by a North Korean threat actor to target South Korean users by capitalizing on the recent Itaewon Halloween crowd crush to trick users into downloading malware. The discovery, reported by Google Threat Analysis Group researchers Benoît Sevens and Clément Lecigne, is the latest set of attacks perpetrated by ScarCruft, which is

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

Search giant Google on Friday released an out-of-band security update to fix a new actively exploited zero-day flaw in its Chrome web browser. The high-severity flaw, tracked as CVE-2022-4262, concerns a type confusion bug in the V8 JavaScript engine. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the issue on November 29, 2022. Type confusion

Microsoft Patch Tuesday November 2022: Exchange ProxyNotShell RCE, JScript9, MoTW, OpenSSL, Edge, CNG, Print Spooler

Hello everyone! This episode will be about Microsoft Patch Tuesday for November 2022, including vulnerabilities that were added between October and November Patch Tuesdays. As usual, I use my open source Vulristics project to create the report. Alternative video link (for Russia): https://vk.com/video-149273431_456239107 The most important news of this Patch Tuesday was a release of patches […]

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

Red Hat Enterprise Linux and Microsoft security update of November 2022

<p><span><span><span><span><span><span>On November 8th, 2022, Microsoft released a series of security updates for various Windows operating systems to fix two security issues:</span></span></span></span></span></span></p> <ul> <li aria-level="1"><a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37966"&

CVE-2022-41128

Windows Scripting Languages Remote Code Execution Vulnerability

CVE-2022-41080

Microsoft Exchange Server Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41123.

CVE-2022-41125

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability.

CVE-2022-41125

Windows CNG Key Isolation Service Elevation of Privilege Vulnerability.

CVE-2022-41128

Windows Scripting Languages Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-41118.

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability

CVE-2022-37966

Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability.

CVE-2022-38015

Windows Hyper-V Denial of Service Vulnerability.

CVE-2022-41091

Windows Mark of the Web Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2022-41049.

CVE-2022-41073

Windows Print Spooler Elevation of Privilege Vulnerability.

CVE-2022-37967

Windows Kerberos Elevation of Privilege Vulnerability

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days

Microsoft's latest round of monthly security updates has been released with fixes for 68 vulnerabilities spanning its software portfolio, including patches for six actively exploited zero-days. 12 of the issues are rated Critical, two are rated High, and 55 are rated Important in severity. This also includes the weaknesses that were closed out by OpenSSL the previous week. Also separately

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Patch Tuesday, November 2022 Election Edition

Let's face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we've patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November's patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild.

Microsoft Quashes Bevy of Actively Exploited Zero-Days for November Patch Tuesday

Long-awaited security fixes for ProxyNotShell and Mark of the Web bypasses are part of a glut of actively exploited zero-day vulnerabilities and other critical flaws that admins need to prioritize in the coming hours.

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

Microsoft Patch Tuesday for November 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update on Tuesday, disclosing 62 vulnerabilities. Of these vulnerabilities, 8 are classified as “Critical” and the rest are classified as “Important.”

CVE-2022-3723

Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)

A Chrome fix for an in-the-wild exploit is out—Check your version

Categories: Exploits and vulnerabilities Categories: News Google has issued an update for Chrome to fix an issue in the V8 JavaScript engine (Read more...) The post A Chrome fix for an in-the-wild exploit is out—Check your version appeared first on Malwarebytes Labs.

Urgent: Google Issues Emergency Patch for Chrome Zero-Day

With scant details attached, Google Chrome seeks to shore up yet another exploited zero-day vulnerability.

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine. Security researchers Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast have been credited with reporting the flaw on October 25, 2022. "Google is aware of

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The list of

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...

Threat Source newsletter (Oct. 6, 2022) — Continuing down the Privacy Policy rabbit hole

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  As I wrote about last week, I’ve been diving a lot into apps’ privacy policies recently. And I was recently made aware of a new type of app I never knew existed — family trackers.  There are countless mobile apps for parents to track their children or other family members based on their location, phone usage, and even driving speed. As an anxious soon-to-be-parent, this sounds intriguing to me — it’d be a supped-up version of Find my Friends on Apple devices so I’d never have to ask my teenager (granted, I’m many years away from being at that stage of my life) when they were coming home or where they were.  Just as with all other types of mobile apps, there are pitfalls, though.   Life360, one of the most popular of these types of apps and even tells users what their maximum driving speed was on a given trip, was found in December 2021 to be selling precise location data on its users, potentia...

ProxyNotShell – the New Proxy Hell?

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to

ProxyNotShell – the New Proxy Hell?

Nicknamed ProxyNotShell, a new exploit used in the wild takes advantage of the recently published Microsoft Server-Side Request Forgery (SSRF) vulnerability CVE-2022-41040 and a second vulnerability, CVE-2022-41082 that allows Remote Code Execution (RCE) when PowerShell is available to unidentified attackers. Based on ProxyShell, this new zero-day abuse risk leverage a chained attack similar to

CVE-2022-41040

Microsoft Exchange Server Elevation of Privilege Vulnerability.

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability.

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory

Worried About the Exchange Zero-Day? Here's What to Do

While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.

Worried About the Exchange Zero-Day? Here's What to Do

While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for securit...

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for securit...

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

By Deeba Ahmed The latest attack against Exchange servers utilizes at least two new flaws (CVE-2022-41040, CVE-2022-41082) that have been assigned CVSS scores of 6.3 and 8.8. This is a post from HackRead.com Read the original post: Microsoft Confirms Two 0-Days Being Exploited Against Exchange Servers

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The "ProxyNotShell" security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

HackRead: Latest News

Postman Workspaces Leak 30000 API Keys and Sensitive Tokens