The August update fixes a larger-than-average total of 121 vulnerabilities, 17 of them classed as critical – likely in part due to disclosures and proof-of-concept exploits to be shown off at Black Hat USA and the upcoming DEF CON hacker event. It’s the second-to-last Patch Tuesday as we know it, and Microsoft has fixed a total of 75 bugs, including three zero-days.The last Patch Tuesday in its current form is overshadowed by persistent concerns about how Microsoft deals with vulnerability disclosure.While some admins can put their feet up and let Windows Autopatch do the hard work of updating their Microsoft estates, for the rest of us, the Patch Tuesday bandwagon keeps on keeping on.“Follina has been recently used by threat actors – for example, Chinese APT TA413 – in phishing campaigns that have targeted local US and European government personnel, as well as a major Australian telecommunications provider. Successful exploitation of this vulnerability allows an attacker to deploy malware and gain foothold on a system.” “However, as we see today’s bad actors growing more sophisticated and creative in their exploits, a recent zeroday that leveraged the ms:msdt protocol URI scheme (Follina) forced MSFT to reconsider DogWalk as a vulnerability,” he said. It was initially reported back in 2019, but not deemed a vulnerability as it was believed to require significant user interaction to exploit, and there were various other mitigations in place. Qualys director of vulnerability and threat research Bharat Jogi added: “The DogWalk zero-day vulnerability is not new to the industry. Therefore, it is vital that organisations apply the available patches as soon as possible.”
“For attackers, bugs that can be executed via malicious documents remain a valuable tool, so flaws like Follina and CVE-2022-34713 will continue to be used for months. “A variety of threat actors leverage spear phishing, from advanced persistent threat (APT) groups to ransomware affiliates,” he said. “With reports that CVE-2022-34713 has been exploited in the wild, it would appear that attackers are looking to take advantage of flaws within MSDT as these types of flaws are extremely valuable to launch spear phishing attacks,” said Tenable senior staff research engineer Satnam Narang. This is the second major MSDT vulnerability to have been fixed by Microsoft in the past few months, following the disclosure of the dangerous Follina zero-day at the end of May, which was patched in June. As such, it is rated merely important as opposed to critical. Tracked as CVE-2022-34713, successful exploitation requires the victim to be convinced to open a specially crafted file, which can be delivered either via email or an attacker-controlled or compromised website.
0 kommentar(er)
