Microsoft Windows Security Warning as Multiple 0-Days Used in Attacks on Business Users

Microsoft has demonstrated the importance of applying security updates as soon as possible, with confirmation of how a zero-day vulnerability patched during the July ‘Patch Tuesday’ rollout is being used in targeted attacks.

Regular viewers of the Straight-Talking Cyber video podcast, or readers of the combined efforts posted on Forbes by the STC team, will be aware that we spend a lot of time talking about security patches and operating system updates. There’s a very good reason behind the advice to update immediately: threat actors of all kinds are looking for users who don’t.


Microsoft says CVE-2022-22047 needs to be fixed urgently

As I recently reported, almost all versions of Windows and Windows Server were susceptible to attack using CVE-2022-22047, a 0Day security threat that Microsoft rated as “Important” rather than “Critical”.

At the time, I thought this was somewhat odd, given the severity of the vulnerability and the fact that threat actors were known to be exploiting it before the patch was available. Mike Walters, co-founder of Action1, a cloud-based patch management specialist, told me that CVE-2022-22047 “is critical because it is actively exploited in the wild,” adding that “use of this vulnerability grants an attacker SYSTEM privileges.”

The reasoning behind the lower rating appears to be that the bug can only be exploited locally, but ask most security professionals and they will tell you that chaining a local privilege escalation like this with other exploits is far from the realm of fantasy. Indeed, the Cybersecurity & Infrastructure Security Agency (CISA) considered the vulnerability serious enough to add to its Known Exploited Vulnerabilities catalog and, above all, to require US federal agencies to patch their systems by August 2 at the latest.


Law firms and banks among the targets of the Subzero attack

Now, Microsoft itself has confirmed how seriously this 0Day should be taken, with news on how threat actors have been seen exploiting it. “We have observed attacks targeting law firms, banks and strategy consulting firms in countries like Austria, the UK and Panama,” said Cristin Goodwin, general manager of Microsoft’s digital security unit.

The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) also warned that a private-sector offensive actor (PSOA) was using this vulnerability, along with other Windows and Adobe 0-day exploits, in attacks deploying malware named Subzero. The PSOA, which Microsoft tracks as KNOTWEED, was behind the development of the Subzero malware, Microsoft said.

Microsoft advises all Windows users to install the patch for CVE-2022-22047 as soon as possible. Microsoft Defender Antivirus users should also ensure that it has been updated to at least security intelligence update 1.371.503.0, and Excel macro security settings should be changed to control which macros can run and under what circumstances. Multi-factor authentication (MFA) should be enabled to mitigate any potential credential compromise.
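For administrators who want to verify the host-side mitigations above rather than take them on trust, the following PowerShell audit is an added example written for this page; it is not code from the Forbes article or from Microsoft. The signature version 1.371.503.0 and the 12 July 2022 Patch Tuesday date come from the text; the Office 16.0 registry paths and the VBAWarnings value mapping are standard Office settings but are assumptions here, and the update check is deliberately date-based because the page does not name a KB number (pass one via -KbId if you have it from the Microsoft advisory).

```powershell
# Added example: audit the Microsoft mitigations for CVE-2022-22047 on a Windows host.
# Run from an elevated PowerShell session. MFA is enforced at the identity provider,
# not on the endpoint, so it is out of scope for a local check.
param(
    [string]$KbId = ''   # optional: KB number from the Microsoft advisory (assumption: not on this page)
)

$MinSignature = [version]'1.371.503.0'   # value quoted from the article
$PatchTuesday = Get-Date '2022-07-12'    # July 2022 Patch Tuesday

function Test-DefenderSignature {
    # Get-MpComputerStatus reports the installed Defender AV security intelligence version.
    $status  = Get-MpComputerStatus -ErrorAction Stop
    $current = [version]$status.AntivirusSignatureVersion
    [pscustomobject]@{
        Check   = 'Defender security intelligence >= 1.371.503.0'
        Current = $current.ToString()
        Pass    = ($current -ge $MinSignature)
    }
}

function Test-WindowsUpdate {
    if ($KbId) {
        # Precise check when the KB number is known.
        $hit = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
        return [pscustomobject]@{
            Check   = "Hotfix $KbId installed"
            Current = ($hit.HotFixID -join ',')
            Pass    = ($null -ne $hit)
        }
    }
    # Fallback: at least one update installed on or after the July 2022 rollout.
    # This is a weak signal; it does not prove the CSRSS fix itself is present.
    $recent = @(Get-HotFix | Where-Object { $_.InstalledOn -ge $PatchTuesday })
    [pscustomobject]@{
        Check   = 'Any update installed since 2022-07-12'
        Current = ($recent.HotFixID -join ',')
        Pass    = ($recent.Count -gt 0)
    }
}

function Test-ExcelMacroPolicy {
    # VBAWarnings: 1 = enable all macros, 2 = disable with notification (default),
    # 3 = disable except digitally signed, 4 = disable all without notification.
    # The Policies hive (GPO) overrides the per-user hive, so it is checked first.
    $paths = @(
        'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security',
        'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
    )
    $value = $null
    foreach ($p in $paths) {
        $v = Get-ItemProperty -Path $p -Name VBAWarnings -ErrorAction SilentlyContinue
        if ($null -ne $v) { $value = [int]$v.VBAWarnings; break }
    }
    [pscustomobject]@{
        Check   = 'Excel VBAWarnings is 3 or 4 (signed-only or blocked)'
        Current = $value
        Pass    = ($value -in 3, 4)
    }
}

@(
    Test-DefenderSignature
    Test-WindowsUpdate
    Test-ExcelMacroPolicy
) | Format-Table -AutoSize
```

A missing VBAWarnings value means Excel is running with its default of "disable with notification", which still lets a user click through; the check treats that as a fail on purpose, since Microsoft's guidance is to control which macros run rather than rely on the prompt.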
