2653 matches found
PT-2022-14862 · Undefined · Undefined
ParsedReport 01-10-2022 Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082 Threats: Chinachopper Backdoor:win32/rewritehttp...
Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
October 1, 2022 update – Added information about Exploit:Script/ExchgProxyRequest.A, Microsoft Defender AV’s robust detection for exploit behavior related to this threat. We also removed a section on MFA as a mitigation, which was included in a prior version of this blog as standard guidance...
ZINC weaponizing open-source software
In recent months, Microsoft has detected a wide range of social engineering campaigns using weaponized legitimate open-source software by an actor we track as ZINC. Microsoft Threat Intelligence Center (MSTIC) observed activity targeting employees in organizations across multiple industries includi...
New Windows 11 security features are designed for hybrid work
Attackers are constantly evolving, becoming increasingly sophisticated and destructive—the median time for an attacker to access your private data if you fall victim to a phishing email is 1 hour, 12 minutes.1 Microsoft tracks more than 35 ransomware families and more than 250 unique nation-state...
Hookup site targeted by typo-squatters
Ethical hacker and security researcher Kody Kinzie shared with BleepingComputer a list of over 50 domains of which many are spelling variations of the brand name Sniffies. Sniffies identifies itself as a "modern, map-based, meetup app for gay, bi, and curious guys." Kody used an open source tool...
OPSWAT MetaDefender ICAP Server Cross-Site Scripting Vulnerability
OPSWAT MetaDefender ICAP Server is an advanced threat protection software for network traffic from OPSWAT, USA. It is used to protect systems and users by examining every file transmitted over a network. A security vulnerability exists in OPSWAT MetaDefender ICAP Server versions prior to 4.13.0. ...
Implementing a Zero Trust strategy after compromise recovery
What changes after compromise recovery? After a successful compromise recovery effort, you are back in control. Likely, you gave your team a round of applause and took a sigh of relief. Now what? Is everything going back to as it was in the past? Absolutely not! A compromise recovery engagement i...
CVE-2022-35835
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-35828
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability...
CVE-2022-35836
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2022-35834
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
Privilege escalation
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability...
CVE-2022-35828 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2022-35828
CVE-2022-35828 is an elevation-of-privilege vulnerability in Microsoft Defender for Endpoint for Mac. The root cause is insufficient access control, enabling a local, authenticated attacker to escalate privileges to SYSTEM/root. Impact is privilege escalation on macOS endpoints running Defender f...
Secure your endpoints with Transparity and Microsoft
This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Endpoint protection platforms (EPPs) are dead and no longer sufficient to protect your organization, right? Wrong. When it comes to cybersecurity, the ability to normalize and correlat...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
KLA19248 PE vulnerability in Microsoft System Center
An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2022-35828 Related products Windows-Defender CVE list CVE-2022-35828 critical KB list Solution Install necessary updates from th...