We would like to bring to your attention that Microsoft has recently addressed a total of 128 security vulnerabilities in Windows, 10 of which are rated Critical. Security patches for these vulnerabilities have been made available by Microsoft. In the following sections we comment on the ones that stood out the most and carry serious impact and risk for organizations.
2 Critical Zero-Days that lead to Privilege Escalation
Description
The actively exploited flaw identified by CVE-2022-24521 was found in the Windows Common Log File System (CLFS) and leads to Privilege Escalation on successful exploitation.
The second flaw exploited in the wild is identified by CVE-2022-26904 and leads to the elevation of privileges in the Windows User Profile Service. To successfully exploit this flaw the attacker needs access to the local system and to win a race condition. Other requirements to exploit this flaw are the following:
- The credentials of another user on the system, different from the user the attacker is logged in as
- A domain that the second user belongs to
Proof of Concept code is publicly available for this vulnerability.
Mitigation
We recommend applying the latest available security patches to mitigate these vulnerabilities.
Vulnerabilities in the Windows RPC Runtime lead to Remote Code Execution
Description
The Windows RPC Runtime was found to be vulnerable to 3 Remote Code Execution vulnerabilities, identified by CVE-2022-24528, CVE-2022-24492 and CVE-2022-26809. Of these, CVE-2022-26809 is the most likely to be exploited in the wild. Any Windows machine that exposes port 445 without the security patch for the RPC runtime library in place is vulnerable to exploitation.
Mitigation
We recommend applying the latest available security patches to mitigate these vulnerabilities. To strengthen the general security posture, it is also advised to block external connections to the RPC Runtime (default port 445) when they are not specifically required by an application or process in place. To mitigate exploitation from the internal network, ensure that only the required servers have access to these ports, as broad access could otherwise allow attackers to move laterally through the environment. Microsoft has released a guide to further secure SMB traffic.
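As an added example (not part of the original advisory), the following PowerShell applies the port 445 restriction described above on a single Windows host using Windows Defender Firewall: inbound TCP 445 is allowed only from an allow list and dropped from every other source. The addresses in $AllowedHosts and the rule name are placeholders to be replaced with your own values.

```powershell
# Added example, not from the original advisory: scope inbound TCP 445 (SMB, which also
# carries RPC over named pipes) to an allow list of hosts that genuinely need it.
# $AllowedHosts contains constructed placeholder addresses; replace them with your own.
$AllowedHosts = @('10.0.10.5', '10.0.10.0/24')   # assumption: hosts/subnets that must reach this server

# 1. Make the default inbound action Block on every profile, so any source that no
#    allow rule matches is dropped. Explicit Block rules take precedence over Allow
#    rules in Windows Firewall, so a broad "block 445" rule would also override the
#    scoped allow rule below; the default action does that job without that pitfall.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block

# 2. Disable any existing inbound allow rules that open TCP 445 (e.g. the built-in
#    File and Printer Sharing rules), except the scoped rule this script manages.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 445 } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
                   $_.DisplayName -ne 'SMB445-AllowRequiredHosts' } |
    Disable-NetFirewallRule

# 3. Re-create the scoped allow rule so the script can be re-run safely.
Remove-NetFirewallRule -DisplayName 'SMB445-AllowRequiredHosts' -ErrorAction SilentlyContinue
New-NetFirewallRule -DisplayName 'SMB445-AllowRequiredHosts' -Direction Inbound -Protocol TCP `
    -LocalPort 445 -RemoteAddress $AllowedHosts -Action Allow -Profile Any | Out-Null

# 4. Report every inbound rule that touches TCP 445, with its state and remote scope,
#    so the result can be verified (only the scoped rule should be enabled and allowing).
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 445 } |
    Get-NetFirewallRule |
    Where-Object Direction -eq 'Inbound' |
    ForEach-Object {
        [pscustomobject]@{
            Rule    = $_.DisplayName
            Action  = $_.Action
            Enabled = $_.Enabled
            Remote  = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize
```

Run from an elevated PowerShell session; in a domain, the same scoping is normally rolled out centrally through Group Policy rather than per host.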
Who is affected?
All mentioned vulnerabilities are present across several Windows versions. This includes Windows 7, 8, 10 and 11, as well as Windows Server 2008, 2012, 2016, 2019 and 2022.
Keeping the environment up to date with Windows Autopatch
To help keep Windows environments up to date, Microsoft is releasing a new ‘Autopatch’ feature in July 2022, which aims to help organizations maintain the newest versions across all installations in their environment.
References
- https://thehackernews.com/2022/04/microsoft-issues-patches-for-2-windows.html
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24521
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26904
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26809
- https://docs.microsoft.com/en-us/windows-server/storage/file-server/smb-secure-traffic
- https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-autopatch-faq/ba-p/3272081