Security News

Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery vulnerability also exploited in Play ransomware attacks. Cloud computing provider Rackspace recently confirmed that Play ransomware used a zero-day exploit dubbed OWASSRF targeting this bug to compromise unpatched Microsoft Exchange servers on its network after bypassing ProxyNotShell URL rewrite mitigations.

Anti-analysis techniques are deployed by malware to evade analysis or render the file analysis much more complex and difficult for researchers and malware sandboxes. File enumeration is a critical operation for ransomware operators.

Glaringly obvious at the very top of the list are the names in the Product column of the first nine entries, dealing with an elevation-of-privilege patch denoted CVE-2013-21773 for Windows 7, Windows 8.1, and Windows RT 8.1. Windows 8.1, which is remembered more as a sort-of "Bug-fix" release for the unlamented and long-dropped Windows 8 than as a real Windows version in its own right, never really caught on.

Included in the usual tsunami of fixes Microsoft issued this week as part of Patch Tuesday was one that took care of a connectivity problem for applications using the Open Database Connectivity interface. The ODBC problem was one of several stemming from the November Patch Tuesday updates that Microsoft had to address.

The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, including one bug that the company said is being actively exploited in the wild.It's also worth noting that the U.S. Cybersecurity and Infrastructure Security Agency has added the vulnerability to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply patches by January 31, 2023.

Microsoft has fixed a known issue affecting Windows apps using ODBC database connections after installing the November 2022 Patch Tuesday updates. This issue impacts both client and server Windows platforms, from Windows 7 SP1 and Windows Server 2008 SP2 up to the latest released Windows 11 and Windows Server 2022.

To mark the January 2023 Patch Tuesday, Microsoft has released patches for 98 CVE-numbered vulnerabilities, including one exploited in the wild and one that's been publicly disclosed. The one publicly disclosed vulnerability - CVE-2023-21549, in Windows SMB Witness - is apparently less likely to be exploited in the latest Windows and Windows Server versions, even though attack complexity and privileges required are low, and no user interaction is needed.

Microsoft has addressed a known issue causing Blue Screen of Death crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during the December Patch Tuesday. The issue was fixed in the KB5022282 update issued today for all Windows 10 versions currently under support.

Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. This is the first Patch Tuesday of 2023, and it fixes a whopping 98 vulnerabilities, with eleven of them classified as 'Critical.

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. "Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers," reads a report by Microsoft security researcher Sunders Bruskin.