Security News

Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection vulnerability affecting its Analytics On-Prem and Global Management System products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "Improper neutralization of special elements" used in an SQL command that could lead to an unauthenticated SQL injection.

SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS and Analytics On-Prem products.The flaw, tracked as CVE-2022-22280, allows SQL injection due to improper neutralization of special elements used in an SQL Command.

Australian software firm Atlassian warned customers to immediately patch a critical vulnerability that provides remote attackers with hardcoded credentials to log into unpatched Confluence Server and Data Center servers. As the company revealed this week, the Questions for Confluence app creates a disabledsystemuser account with a hardcoded password to help admins migrate data from the app to the Confluence Cloud.

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. While this account, Atlassian says, is to help administrators migrate data from the app to Confluence Cloud, it's also created with a hard-coded password, effectively allowing viewing and editing all non-restricted pages within Confluence by default.

Complaints over Microsoft's latest patch Tuesday have intensified after some Windows 11 users found their systems worse for wear following installation. The July 12 patch, KB5015814, was a relatively straightforward one that dealt with a number of what Microsoft delicately termed "Security issues" in its summary.

A Windows 11 vulnerability, part of Microsoft's Patch Tuesday roundup of fixes, is being exploited in the wild, prompting the U.S. Cybersecurity and Infrastructure Security Agency to advise patching of the elevation of privileges flaw by August 2. The recommendation is directed at federal agencies and concerns CVE-2022-22047, a vulnerability that carries a CVSS score of high and exposes Windows Client Server Runtime Subsystem used in Windows 11 and also Windows Server 2022 to attack.

Microsoft released its monthly round of Patch Tuesday updates to address 84 new security flaws spanning multiple product categories, counting a zero-day vulnerability that's under active attack in the wild. Very little is known about the nature and scale of the attacks other than an "Exploitation Detected" assessment from Microsoft.

Despite worries that Patch Tuesday may not be as exciting now that Microsoft's Windows Autopatch is live - with a slew of caveats - the second Tuesday of this month arrived with 84 security fixes, including 4 critical bugs and one that's under active exploit. Microsoft deemed it an "Important" security issue, with low complexity and low privileges required to exploit.

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem to its list of bugs abused in the wild.This high severity security flaw impacts both server and client Windows platforms, including the latest Windows 11 and Windows Server 2022 releases.

Today is Microsoft's July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. This month's Patch Tuesday fixes an actively exploited zero-day elevation of privileges vulnerability.