1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft just fixed a whole load of serious security flaws, so p

    From TechnologyDaily@1337:1/100 to All on Wed Sep 14 14:15:04 2022
    Microsoft just fixed a whole load of serious security flaws, so patch now

    Date:
    Wed, 14 Sep 2022 13:01:15 +0000

    Description:
    Microsoft warns several of the fixed flaws are zero-days, one of which is being actively exploited.

    FULL STORY ======================================================================

    Septembers Patch Tuesday is upon us, giving Microsoft the opportunity to fix, among other things, two zero-day vulnerabilities being actively exploited in the wild.

    As per the companys security advisory, the two flaws are tracked as CVE-2022-37969, and CVE-2022-23960. The former is a Windows Common Log File System Driver Elevation of Privilege Vulnerability, and it allows for remote code execution. It holds a severity score of 7.8.

    "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft's advisory warns. Fixing dozens of flaws

    The second flaw is described as Arm: CVE-2022-23960 Cache Speculation Restriction Vulnerability and this one allows an attacker to leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches, and obtain sensitive information through cache allocation. It has a severity score of 5.6.

    Besides these two vulnerabilities, Microsoft has patched a total of 61 flaws, excluding the 16 flaws fixed in Microsoft Edge prior to the release of this cumulative update. These flaws include 18 elevation of privilege vulnerabilities, 1 security feature bypass vulnerability, 30 remote code execution vulnerabilities, seven information disclosure vulnerabilities,
    seven denial of service vulnerabilities, as well as 16 Edge - Chromium vulnerabilities (excluding the 16 mentioned earlier). Read more

    A new Windows Search zero-day is giving Microsoft another security headache


    Microsoft Edge gets emergency patch for severe zero-day vulnerability


    Here's our rundown of the best antivirus solutions around

    Microsoft has had a busy year fixing zero-day vulnerabilities across its
    tools and services. In early July 2022, it fixed a zero-day found in its Edge browser. Tracked as CVE-2022-2294, its a high-severity heap-based buffer overflow weakness.

    A month earlier, in June, the company fixed two flaws that allowed threat actors to run malware on target endpoints , one in Windows Search, and one in Microsoft Office OLEObject. Through the use of a weaponized Word document,
    the Search zero-day can be used to automatically open a search window with a remotely hosted malware. This was made possible due to how Windows handles a URI protocol handler called search-ms. These are the best firewalls right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/microsoft-just-fixed-a-whole-load-of-security-f laws-so-patch-now/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)