Trend Micro

12/25/2023

Two known, exploited Exchange flaws uncovered two weeks ago were missing from Microsoft’s update.

Microsoft has issued a patch for an actively exploited privilege-escalation Windows vulnerability, along with 84 other bugs, in its October regularly scheduled security update.

The important-severity flaw (CVE-2022-41033) exists in the Windows COM+ Event System service, which is an automated system that stores event information from various publishers in the Component Object Model (COM+) catalog, according to Microsoft, and could allow an attacker to gain SYSTEM privileges. While Microsoft confirmed that exploitation of the flaw has been detected, it did not disclose further details about the breadth and scope of exploitation. The flaw’s attack vector is listed as local, meaning that a threat actor would need to rely on user interaction, or access the target system locally, in order to exploit it. However, the flaw’s attack complexity, and privileges required, are classified as low.

Dustin Childs, with Trend Micro’s Zero Day Initiative, said that the privilege-escalation flaw would likely be paired “with other code execution exploits designed to take over a system.”

“These types of attacks often involve some form of social engineering, such as enticing a user to open an attachment or browse to a malicious website,” said Childs in a Tuesday analysis.

Beyond CVE-2022-41033, out of the 85 flaws patched in Microsoft’s update, 15 were rated critical, while 69 were rated important.

One vulnerability publicly disclosed in the October release was a critical-severity Windows CryptoAPI spoofing flaw (CVE-2022-34689) that was reported by the National Security Agency (NSA) and the UK National Cyber Security Centre (NCSC), which could allow an attacker to manipulate an existing public X.509 certificate to spoof their identity and perform actions, like authentication or code signing, as the targeted certificate. The flaw was fixed quietly in August, and its advisory was listed as an “informational change only” as part of Microsoft’s October security updates.

Other notable bugs in the update include a critical-severity, privilege-elevation flaw (CVE-2022-37968) in Azure Arc Connect. Despite the flaw’s high CVSS score of 10 out of 10, exploitation is classified as “less likely”; Microsoft said that an attacker would need to know the randomly generated external DNS endpoint for an Azure Arc-enabled Kubernetes cluster in order to exploit this vulnerability from the internet.

“Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters,” according to Microsoft’s advisory. “This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.”

Another notable critical-severity vulnerability is a Microsoft SharePoint flaw (CVE-2022-41038), which could allow an attacker with Manage List permissions to launch a network-based attack in order to execute code remotely on the SharePoint server. Microsoft said that exploitation of the flaw is “more likely,” but an attacker must first be authenticated to the target site in order to exploit the bug, with the permission to use Manage Lists within SharePoint.

Trend Micro is a global technology leader, helping to make the world safe for exchanging digital information. Fueled by decades of global security expertise, threat research, and continuous innovation, its unified cybersecurity platform protects hundreds of thousands of organizations and millions of individuals from risks across their attack

As a leader in cloud and enterprise cybersecurity, its platform delivers a powerful range of advanced threat protection optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. Trend Micro’s global threat research team delivers unparalleled intelligence and insights that power its cybersecurity platform and help protect organizations around the world from hundreds of millions of threats daily. Trend Micro has over 7,000 employees across 65 countries, singularly focused on security innovation and passionate about making the world a safer and better place, enabling organizations to simplify and secure their connected world.