Alert: PayPal ‘New Address’ Phishing Scam
The Cyber and Fraud Centre Scotland would like to alert the public to a recent phishing scam exploiting PayPal’s “New Address” feature. How the Scam…
Microsoft Patch Tuesday Fixes Nine Critical Vulnerabilities
Microsoft’s November Patch Tuesday addresses 62 vulnerabilities, nine of which are critical. Six of the vulnerabilities are actively exploited zero-days, which includes two used in ProxyNotShell attacks (CVE-2022-41082 and CVE-2022-41040) affecting on-premise Microsoft Exchange Servers.
The other four actively exploited vulnerabilities include:
- CVE-2022-41091 – Windows Mark of the Web Security Feature Bypass Vulnerability allows for an attacker to craft a malicious file that would evade Mark of the Web defences. The hacker could use a malicious website or a specially crafted .url file to exploit the bypass. The vulnerability requires the user to take action, such as clicking on a link or malicious attachment within a phishing email.
- CVE-2022-41128 – Windows Scripting Languages Remote Code Execution Vulnerability impacts the Jscript9 scripting language. It allows for an attacker hosting a specially crafted server share or website to execute code remotely, providing they can convince a user to visit the server share or website, possibly through phishing emails or chat messages.
- CVE-2022-41073 – Windows Print Spooler Elevation of Privilege Vulnerability allows an attacker to gain system privileges if successfully exploited.
- CVE-2022-41125 – Windows CNG Key Isolation Service Elevation of Privilege Vulnerability also allows an attacker to gain system privileges if successfully exploited.
Microsoft is urging administrators to patch systems as soon as possible, as threat actors are actively exploiting several of these vulnerabilities.
Microsoft has published a security update guide for this month’s Patch Tuesday, which includes technical descriptions of all vulnerabilities fixed.
Related Links:
https://www.tenable.com/blog/microsofts-november-2022-patch-tuesday-addresses-62-cves-cve-2022-41073 -Published 8th November
https://msrc.microsoft.com/update-guide/releaseNote/2022-Nov – Published 8th November
Related articles
Gift Card Scams: Understanding and Preventing a Rising Trend
Gift card scams are a significant threat, with fraudsters increasingly targeting both businesses and individuals through sophisticated social engineering techniques. This article examines gift card…
Massive Brute Force Attack Targeting Networking Devices
A large-scale brute force attack is underway, using nearly 2.8 million IP addresses daily to target networking devices from Palo Alto Networks, Ivanti, and SonicWall….