A week in security (October 10 - 16)

Last week on Malwarebytes Labs: Teen talk: What it's like to grow up online, and the role of parents: Lock and Code S03E21 White House unveils Blueprint for an AI Bill of Rights Credential stuffers take aim at Final Fantasy XIV players Meta accuses apps of stealing WhatsApp accounts Smart lights...

Akamai’s Perspective on October’s Patch Tuesday 2022

Every Patch Tuesday stirs up the community. See Akamai's October insights and recommendations on what to focus on, and patch, patch, patch!...

Did Patch Tuesday address the zero-day flaw in Microsoft Exchange

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Microsoft addresses two new zero-day vulnerabilities tracked under CVE-2022-41033, an Elevation of Privilege vulnerability exploited in the wild. CVE-2022-41043 is an Information Disclosure...

Update now! October patch Tuesday fixes actively used zero-day...but not the one you expected

Microsoft fixed 84 vulnerabilities in its October 2022 Patch Tuesday updates. Thirteen of them received the classification 'Critical'. Among them are a zero-day vulnerability that's being actively exploited, and another that hasnt been spotted in the wild yet. The bad news is that the much-desire...

Microsoft Patch Tuesday Fixes New Windows Zero-Day; No Patch for Exchange Server Bugs

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs, 15 are rated Critical, 69 are rated Important, and one is rated Moderate in severity. The update,...

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities

Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the companys hardware and software line, including seven critical issues in Windows point-to-point tunneling protocol. Octobers security update features 11 critical vulnerabilities, with the remainder bei...

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from...

The Bug Report — September 2022 Edition

The Bug Report — September 2022 Edition By Charles McFarland · October 5, 2022 As long as it works.... Why am I here? Welcome back to the Bug Report, don’t-stub-your-toe edition! For those in the audience unfamiliar with how we do things here, every month we filter down that month’s bugs to just ...

Microsoft Patch Tuesday September 2022: CLFS Driver EoP, IP packet causes RCE, Windows DNS Server DoS, Spectre-BHB

Hello everyone! Lets take a look at Microsofts September Patch Tuesday. This time it is quite compact. There were 63 CVEs released on Patch Tuesday day. If we add the vulnerabilities released between August and September Patch Tuesdays as usual, they were in Microsoft Edge, the final number is 90...

Akamai’s Perspective on September’s Patch Tuesday

Every Patch Tuesday stirs up the community. See Akamai's September insights and recommendations on what to focus on, and patch, patch, patch!...

Microsoft's Latest Security Update Fixes 64 New Flaws, Including a Zero-Day

Tech giant Microsoft on Tuesday shipped fixes to quash 64 new security flaws across its software lineup, including one zero-day flaw that has been actively exploited in real-world attacks. Of the 64 bugs, five are rated Critical, 57 are rated Important, one is rated Moderate, and one is rated Low...

Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday

This months Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has also quashed a pair of...

Patch Tuesday - September 2022

This month’s Patch Tuesday is on the lighter side, with 79 CVEs being fixed by Microsoft including 16 CVEs affecting Chromium, used by their Edge browser, that were already available. One zero-day was announced: CVE-2022-37969 is an elevation of privilege vulnerability affecting the Log File Syst...

September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities with 5 Critical, plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities with 35 Critical.

Microsoft Patch Tuesday Summary Microsoft has fixed 63 vulnerabilities aka flaws in the September 2022 update, including five 5 vulnerabilities classified as Critical as they allow Remote Code Execution RCE. This months Patch Tuesday fixes two 2 zero-day vulnerabilities, with one 1 actively...

Microsoft Patch Tuesday for September 2022 — Snort rules and prominent vulnerabilities

By Jon Munshaw and Asheer Malhotra. Microsoft released its monthly security update Tuesday, disclosing 64 vulnerabilities across the company’s hardware and software line, a sharp decline from the record number of issues Microsoft disclosed last month. September's security update features five...

Introducing Qualys Threat Research Thursdays

Welcome to the first edition of the Qualys Research Team’s “Threat Research Thursday” where we collect and curate notable new tools, techniques, procedures, threat intelligence, cybersecurity news, malware attacks, and more. We will endeavor to issue these update reports regularly, as often as...

Microsoft tackles DogWalk zero-day vulnerability and multiple privilege escalation vulnerabilities

Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary Microsoft Patch Tuesday addresses CVE-2022-34713, also known as DogWalk, as well as numerous issues affecting Microsoft Exchange Server, Microsoft Windows Support Diagnostic Tool MSDT, Windows Print...

Akamai?s Perspective on August Patch Tuesday

Want the rundown of what to focus on with Patch Tuesday in one place? Check out this blog, and patch, patch, patch!...

Akamai’s Perspective on August Patch Tuesday

Want the rundown of what to focus on with Patch Tuesday in one place? Check out this blog, and patch, patch, patch!...

CISA Issues Warning on Active Exploitation of UnRAR Software for Linux Systems

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a recently disclosed security flaw in the UnRAR utility to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. Tracked as CVE-2022-30333 CVSS score: 7.5, the issue concerns a path...