Currently, attackers are actively exploiting four vulnerabilities in Windows and two vulnerabilities in Exchange Server. Of these, Microsoft classifies three vulnerabilities as “critical” a.
The two Exchange vulnerabilities (CVE-2022-41040, CVE-2022-41082) have been known since the end of September 2022; since then there have also been attacks. Thereafter, Microsoft released various workarounds. But the first ones did not work and had to be improved. Attackers use the vulnerabilities to insert malicious code into systems and install Lockbit ransomware, among other things. Security patches are finally available.
Beware of dangerous files
A vulnerability exploited in Windows (CVE-2022-41091 “medium“) relates to Mark-of-the-Web (MOTW) protection measures. In Windows, protection marks files downloaded from the Internet. If you open a Word document with macros, for example, they are disabled by default Users must explicitly Macros remain a common way for encryption Trojans to sneak onto Windows PCs.
Successful exploitation should also allow attackers to bypass Microsoft Defender SmartScreen. The protection mechanism warns about phishing websites and checks if downloaded files are harmful. In this case, attackers could insert a zip file containing malicious code files into computers and victims would not receive a warning from Windows. The vulnerability was named “ZippyRead”.
The other two exploited Windows vulnerabilities (CVE-2022-41073 “tall“, CVE-2022-41125 “tall“) affect Print Spooler and CNG Key Isolation Service. If the attacks are successful, the attackers could gain higher user rights.
Even more critical gaps
Microsoft classifies other vulnerabilities as “critical” a. Below which in Hyper V, Kerberos Y Windows Peer-to-Peer Tunneling. Attackers could get higher rights at these points. Cripple systems through DoS attacks or even execute malicious code.
Anyone who uses Windows and other Microsoft software should make sure that Windows Update is active and that the latest security patches are installed. This happens automatically in the standard Windows configuration.
Microsoft lists remaining vulnerabilities in the Security Update Guide in.
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.