Posted on

NJCCIC Advisory : Update Software on all Microsoft Products Due to High Risk of Hacking

external content.duckduckgo 46

the staff of the Ridgewood blog

Ridgewood NJ , New Jersey Cybersecurity and Communications Integration Cell  also known as the New Jersey Office of Homeland Security and Preparedness’ Division of Cybersecurity, is warning residents businesses and organizations over multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

microsoft logo psd template by wahashmi d5flfgo1

20% off all web services with Spark Driven https://1.sparkdriven.com/aff.php?aff=3

 

 

Threat Intelligence
Six zero-day vulnerabilities addressed in this advisory were reported by Microsoft as currently being exploited in the wild.
  • CVE-2022-41128 (Windows Scripting Languages Remote Code Execution)
  • CVE-2022-41091 (Windows Mark of the Web Security Feature Bypass Vulnerability)
  • CVE-2022-41073 (Windows Print Spooler Elevation of Privilege Vulnerability)
  • CVE-2022-41125 (Windows CNG Key Isolation Service Elevation of Privilege Vulnerability)
  • CVE-2022-41040 (Microsoft Exchange Server Elevation of Privilege)
  • CVE-2022-41082 (Microsoft Exchange Server Remote Code Execution Vulnerability)

System Affected

 

  • .NET Framework
  • AMD CPU Branch
  • Azure
  • Azure Real Time Operating System
  • Linux Kernel
  • Microsoft Dynamics
  • Microsoft Exchange Server
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Network Policy Server (NPS)
  • Open Source Software
  • Role: Windows Hyper-V
  • SysInternals
  • Visual Studio
  • Windows Advanced Local Procedure Call
  • Windows ALPC
  • Windows Bind Filter Driver
  • Windows BitLocker
  • Windows CNG Key Isolation Service
  • Windows Devices Human Interface
  • Windows Digital Media
  • Windows DWM Core Library
  • Windows Extensible File Allocation
  • Windows Group Policy Preference Client
  • Windows HTTP.sys
  • Windows Kerberos
  • Windows Mark of the Web (MOTW)
  • Windows Netlogon
  • Windows Network Address Translation (NAT)
  • Windows ODBC Driver
  • Windows Overlay Filter
  • Windows Point-to-Point Tunneling Protocol
  • Windows Print Spooler Components
  • Windows Resilient File System (ReFS)
  • Windows Scripting
  • Windows Win32K
Leave a Reply

Your email address will not be published. Required fields are marked *