Security News

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Microsoft has published the exploit code for a vulnerability in macOS that could help an attacker bypass sandbox restrictions and run code on the system. The company released the technical details for the security issue, which is currently identified as CVE-2022-26706, and explained how the macOS App Sandbox rules could be avoided to allow malicious macro code in Word documents to execute commands on the machine.

Once the attacker has the stolen credentials and session cookies, they can access the victim's email boxes and run a business email compromise campaign, in this case payment fraud, according to Microsoft security researchers. "While AiTM phishing isn't new, our investigation allowed us to observe and analyze the follow-on activities stemming from the campaign - including cloud-based attack attempts - through cross-domain threat data from Microsoft 365 Defender," researchers from the Microsoft 365 Defender Research Team and Microsoft Threat Intelligence Center wrote in a blog post.

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.

Microsoft has fixed 32 vulnerabilities in the Azure Site Recovery suite that could have allowed attackers to gain elevated privileges or perform remote code execution.The Azure Site Recovery service is a disaster recovery service that will automatically fail-over workloads to secondary locations when a problem is detected.

Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows' Client/Server Runtime Subsystem. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," Microsoft noted, but the attacker must first gain access to the system, usually by exploiting a separate code execution bug.

Microsoft reminded customers today that Windows Server, version 20H2 will be reaching its End of Service next month, on August 9. This comes after a May 2022 reminder that Windows Server 20H2 will reach the mainstream support end date for Standard Core and Datacenter Core users.

Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. This month's Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise attacks. In some of the observed attacks, the potential victims were redirected to the landing pages from phishing emails using HTML attachments that acted as gatekeepers ensuring the targets were being sent via the HTML redirectors.