Security News

Details have emerged about a now-patched security flaw in Windows Common Log File System that could be exploited by an attacker to gain elevated permissions on compromised machines. "The cause of the vulnerability is due to the lack of a strict bounds check on the field cbSymbolZone in the Base Record Header for the base log file in CLFS.sys," the cybersecurity firm said in a root cause analysis shared with The Hacker News.

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs,...

Today is Microsoft's October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws. The above counts do not include twelve vulnerabilities fixed in Microsoft Edge on October 3rd. For information about the non-security Windows updates, you can read today's Windows 10 KB5018410 and KB5018419 updates and the Windows 11 KB5018427 update.

Microsoft has updated the mitigations for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell.Reported privately to Microsoft three weeks ago, CVE-2022-41040 is a server-side request forgery that enables privilege escalation and works with CVE-2022-41082 to trigger remote code execution on on-premise Exchange server deployments.

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.

CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA's Known Exploited Vulnerabilities Catalog. Mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

Introducing the book: Project Zero TrustIn this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book - "Project Zero Trust: A Story about a Strategy for Aligning Security and the Business". How the CIO's relationship to IT security is changingIn this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description.

Just having your Exchange server accessible to email users over the internet is not enough on its own to expose you to attack, because so-called unauthenticated invocation of these bugs is not possible. According to Microsoft, blocking TCP ports 5985 and 5986 on your Exchange server will limit attackers from chaining from the first vulnerability to the second.

Attackers are leveraging two zero-day vulnerabilities to breach Microsoft Exchange servers."At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users' systems. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either of the two vulnerabilities."