Microsoft Patch Tuesday: 64 Security Flaw Patches, Update Now
Microsoft Patch Tuesday fixes 11 critical security vulnerabilities and six zero-days being actively exploited by cyber attackers.
The security flaws impact Microsoft products including Windows, Microsoft Azure, Microsoft Exchange Server, Microsoft Office and more, and some of them have been targeted by malicious hackers for months.
Two of the critical updates, CVE-2022-41082 and CVE-2022-41040, address security vulnerabilities in Microsoft Exchange Server, which have actively been under attack since September.
CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability, a flaw that allows attackers to make the server-side application send requests to an unintended location, for example, allowing them to access internal services without being within the perimeter of the network.
CVE-2022-41082 allows remote code execution when PowerShell is accessible to the attacker. Previously, Microsoft had only released mitigations for the vulnerabilities, but now patches are available.
These should be applied as soon as possible to prevent attackers from exploiting them to access networks.
CVE-2022-41128 is another vulnerability described as both critical and actively being exploited in the wild. It’s a remote code execution vulnerability in Windows Scripting Languages.
To exploit the vulnerability, attackers need to lure victims to a specially crafted website or server, something that could be achieved with a phishing attack, after which they can run code.
Microsoft hasn’t detailed how widely exploited this vulnerability is, but it’s likely to be a go-to tool for cyber criminals.
Dustin Childs of Zero Day Initiative, a scheme with the aim of encouraging the reporting of zero-day vulnerabilities, said, “Considering it’s a browse-and-own type of scenario, I expect this will be a popular bug to include in exploit kits.”
Three of the vulnerabilities classed as ‘important’ are also being exploited by attackers and should be patched as soon as possible.
CVE-2022-41091 is a Windows mark of the web (MotW) security feature bypass vulnerability that allows attackers to get around Microsoft Windows defenses that are supposed to identify files coming from an untrusted source by issuing a security warning.
When cyber attackers exploit the vulnerability correctly, no alert is issued, meaning the user is unaware that they could be subject to malicious activity.
The vulnerability was publicly disclosed in October and can now be patched.
CVE-2022-41125 is an elevation of privilege vulnerability in the Windows Cryptography API: Next Generation (CNG) Key Isolation Service.
If exploited correctly, the vulnerability allows an attacker to run code.
CVE-2022-41073 is a Windows Print Spooler elevation of privilege vulnerability, another patch designed to prevent attackers exploiting PrintNightmare flaws.
These were first disclosed in July last year, but continue to be a popular attack vector for cyber attackers.
Microsoft hasn’t detailed how widespread the attacks targeting the three ‘important’ vulnerabilities are.
It’s recommended that the Microsoft Patch Tuesday updates are applied as soon as possible to prevent malicious hackers from exploiting vulnerabilities, especially since it’s known that several of the flaws are already being actively targeted.