Patchday: Attackers attack Windows 7 to 11

0
11
patchday attackers attack windows 7 to 11.jpg
patchday attackers attack windows 7 to 11.jpg

Critical vulnerabilities threaten Microsoft Dynamics 365 and Windows. Security updates are ready to be installed.

 

Two Windows vulnerabilities closed this patch day are public and known, and one is currently being actively exploited by attackers. In both cases, however, attacks are not easily possible. There are also important security updates for Azure, Defender, Edge and Office, among others.

 

The vulnerability targeted by attackers (CVE-2022-37969) has a threat level of “high According to a warning from Microsoft, it affects Windows 7 to Windows 11 and various Windows server versions. The vulnerability is in the Common Log File System (CLFS).

If attackers successfully attack the vulnerability, they could gain system rights and thus gain full control over the computer. To do this, however, they must already be on a system and be able to run their own code. Microsoft assures that it is not possible to execute malicious code remotely (Remote Code Execution).

What attacks could look like in detail and to what extent they take place is currently unknown. Since, according to the warning, the vulnerability was apparently reported to Microsoft independently by four different institutions, attacks could certainly take place on a larger scale.

The second publicly known vulnerability (CVE-2022-23960″medium“) only affects Windows 11 on ARM64 architecture. Attackers could use a lot of effort to carry out a side-channel attack (Spectre-BHB) and access information.

By Microsoft as “critical” Classified malicious code vulnerabilities affect Dynamics 365 the Internet Key Exchange Protocol (IKE) and TCP/IP on Windows. In order to be able to exploit the two IKE vulnerabilities (CVE-2022-34718, CVE-2022-34722), According to one post, attackers must not be authenticated. As a prerequisite, IPSec must be activated. If this is the case, attackers could send prepared IP packets remotely and then execute malicious code on systems. The vulnerability only affects IKEv1. However, since all Windows servers V1 and accept V2 packages are also all vulnerable.According to security researchers, trojans could spread to other devices like a worm via the vulnerability.

SEE ALSO  WhatsApp for Windows has a new superpower: create stickers from your photos

Other malicious code vulnerabilities affect Microsoft ODBC, OLE DB, Office Visio and SharePoint, among others. By successfully exploiting vulnerabilities in Windows graphics components, attackers could access information that is actually isolated. Windows Secure Channel is vulnerable to DoS attacks.