Microsoft Confirms Windows Users Targeted By 0Day Hack Attack

Davey Winder, Senior Contributor, Forbes Cybersecurity. Co-founder, Straight Talking Cyber. Jul 28, 2022, 04:17am EDT

Microsoft confirms 0Day attack targeting law firms, banks and strategic consultancies (SOPA Images/LightRocket via Getty Images)

Microsoft has demonstrated how important it is to apply security updates as soon as possible, with confirmation that a zero-day vulnerability fixed in the July 'Patch Tuesday' rollout is being used in targeted attacks.
Regular viewers of the Straight-Talking Cyber video podcast, or readers of the combined efforts published at Forbes by the STC team, will be aware that we spend a lot of time talking about security patches and operating system updates. There's a very good reason driving the 'update now' message: threat actors of all flavors are looking for those users who don't.

Microsoft says CVE-2022-22047 needs to be patched as a matter of urgency

As I reported recently, almost every version of Windows and Windows Server was vulnerable to being attacked using CVE-2022-22047, a 0Day security threat that Microsoft rated as 'important' rather than critical.

At the time I thought this was somewhat odd, given the seriousness of the vulnerability and the fact that threat actors were known to be targeting it before the system patch was made available. At the time, Mike Walters, co-founder of Action1, a cloud-based monitoring specialist, told me that CVE-2022-22047 "is critical because it is actively exploited in the wild," adding that "use of this vulnerability gives an attacker SYSTEM privileges."

The reasoning behind the 'important' rating would appear to be that the flaw can only be exploited locally, but ask almost any security professional and they will tell you that chaining something like this with other exploits is far from being in the realm of fantasy.
Indeed, even the Cybersecurity & Infrastructure Security Agency (CISA) thought the vulnerability worthy of adding to its Known Exploited Vulnerabilities Catalog and, importantly, mandated that U.S. federal agencies patch their systems by 2 August at the latest.

Law firms and banks amongst those being targeted by Subzero attack

Now Microsoft itself has confirmed just how seriously this 0Day needs to be taken, with news of how threat actors have been seen exploiting it. "We observed attacks targeting law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama," Cristin Goodwin, the general manager at Microsoft's Digital Security Unit, said. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) have also warned that a private-sector offensive actor (PSOA) was using this, together with other Windows and Adobe 0-day exploits, in attacks delivering specially crafted malware named Subzero.
The PSOA, tracked by Microsoft under the label Knotweed, was behind the development of the Subzero malware, Microsoft stated. Microsoft advises all Windows users to install the CVE-2022-22047 patch as soon as possible. Users of Microsoft Defender Antivirus should also ensure it has been updated to at least 'security intelligence update 1.371.503.0', and Excel macro settings should be changed to control the running of macros. Multi-factor authentication (MFA) should be enabled to mitigate any potential credential compromise.
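For readers who want to check a Windows host against the mitigations listed above, here is an added PowerShell audit script. It is not from the article or from Microsoft; it assumes you fill in the placeholder KB number for the July 2022 cumulative update that applies to your Windows build (the article does not name one), that Excel stores its settings under the Office 16.0 registry paths (Office 2016/2019/Microsoft 365), and that the VBAWarnings values follow the documented Office meanings noted in the comments. Run it in an elevated PowerShell session.

```powershell
# Added example, not from the article or Microsoft: audit one Windows host
# against the CVE-2022-22047 mitigations (patch, Defender signatures, Excel
# macro settings). The KB number is a placeholder you must replace.

param(
    # Placeholder (assumption): the July 2022 cumulative update KB for this build.
    [string]$PatchKB = 'KB<fill-in-for-your-build>',
    # Minimum Defender security intelligence version named in Microsoft's advice.
    [version]$MinSignature = '1.371.503.0'
)

$findings = @()

# 1. Is the July 2022 update that fixes CVE-2022-22047 installed?
$hotfix = Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue
if ($hotfix) {
    $findings += "OK   patch $PatchKB installed on $($hotfix.InstalledOn)"
} else {
    $findings += "FAIL patch $PatchKB not found (or placeholder KB not replaced)"
}

# 2. Are Defender's signatures at or above the version Microsoft named?
try {
    $status = Get-MpComputerStatus -ErrorAction Stop
    $sig = [version]$status.AntivirusSignatureVersion
    if ($sig -ge $MinSignature) {
        $findings += "OK   Defender signatures $sig (>= $MinSignature)"
    } else {
        $findings += "FAIL Defender signatures $sig (< $MinSignature); run Update-MpSignature"
    }
} catch {
    $findings += "WARN Defender status unavailable: $($_.Exception.Message)"
}

# 3. Are Excel macros restricted? A policy value overrides the user setting.
#    VBAWarnings (assumed Office meanings): 1 = enable all, 2 = disable with
#    notification, 3 = only digitally signed, 4 = disable all without notification.
$policy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
$user   = 'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
$vba = (Get-ItemProperty -Path $policy -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
if ($null -eq $vba) {
    $vba = (Get-ItemProperty -Path $user -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
}
switch ($vba) {
    4       { $findings += 'OK   Excel macros: disabled without notification' }
    3       { $findings += 'OK   Excel macros: only digitally signed macros allowed' }
    2       { $findings += 'WARN Excel macros: disabled with notification (user can still enable)' }
    1       { $findings += 'FAIL Excel macros: all macros enabled' }
    default { $findings += 'WARN Excel macro setting not found (Excel default is notify)' }
}

# Macros in files carrying the Mark of the Web should be blocked outright.
$motw = (Get-ItemProperty -Path $policy -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
if ($motw -eq 1) {
    $findings += 'OK   Excel blocks macros in files downloaded from the internet'
} else {
    $findings += 'WARN Excel policy "Block macros from running in Office files from the Internet" not set'
}

$findings | ForEach-Object { Write-Output $_ }
```

The script reports OK/WARN/FAIL per item so it can be dropped into a fleet-wide check. MFA is the one item on the list it cannot verify, since that is enforced by the identity provider rather than by anything on the endpoint.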