Security News

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
2022-05-14 19:39

A recent security update for a Windows NTLM relay attack has been confirmed to address a previously unfixed vector for the PetitPotam attack. While Microsoft did not share too many details about the bug, they stated that the fix affected the EFS API OpenEncryptedFileRaw(A/W) function, which indicated that this might be another unpatched vector for the PetitPotam attack.

Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
2022-05-13 17:48

Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. "The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers" by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread. "These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947."

Microsoft: May Windows updates cause AD authentication failures
2022-05-12 07:11

Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. Microsoft says the known issue is only triggered after installing the updates on servers used as domain controllers.

Microsoft: Windows 10 20H2 has reached end of service
2022-05-11 18:12

Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 have reached their end of service on this month's Patch Tuesday, on May 10, 2022. This announcement comes after multiple reminders, including those issued this year in February and April, prompting customers to upgrade since Windows 10 20H2 will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users.

Actively Exploited Zero-Day Bug Patched by Microsoft
2022-05-11 11:12

Microsoft has revealed 73 new patches for May's monthly update of security fixes, including a patch for one flaw, a zero-day Windows LSA Spoofing Vulnerability rated as "Important," that is currently being exploited with man-in-the-middle attacks. The software giant's monthly update of patches that comes out every second Tuesday of the month (known as Patch Tuesday) also included fixes for seven "Critical" flaws, 65 others rated as "Important," and one rated as "Low."

Microsoft fixes Windows Direct3D issue behind app crashes
2022-05-11 11:03

Microsoft has addressed a known issue causing apps using Direct3D 9 to experience problems after installing April 2022 cumulative updates, including crashes and errors on systems using certain GPUs. The problems affect systems running Windows 11 and Windows 10, where users have installed the KB5012643 and KB5011831 optional preview cumulative updates.

New IceApple exploit toolset deployed on Microsoft Exchange servers
2022-05-11 10:00

Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. The researchers observed IceApple being deployed after the threat actor obtains initial access to the network belonging to organizations in various activity sectors: technology, academic, and government.

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates
2022-05-11 09:06

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. The updates are in addition to 36 flaws patched in the Chromium-based Microsoft Edge browser on April 28, 2022.

Microsoft closes Windows LSA hole under active attack
2022-05-11 01:15

Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code.

Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)
2022-05-10 19:10

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack and two publicly known vulnerabilities. First and foremost, we have CVE-2022-26925, an "Important" spoofing vulnerability in Windows Local Security Authority that may turn into a "Critical" one if combined with NTLM relay attacks.