Microsoft on Tuesday released software fixes to address more than 90 security defects affecting products in the Windows ecosystem and warned that one of the vulnerabilities was already being exploited as zero-day in the wild.
The exploited vulnerability – documented as CVE-2022-41033 – affects the Windows COM+ event system service and has been exploited in elevation of privilege attacks, suggesting it was used as part of an exploit chain detected in the wild.
The latest zero-day was reported anonymously to Microsoft.
The new warning comes less than a month after Microsoft’s security response team scrambled to issue mitigations for a pair of Exchange Server flaws targeted by a nation state-level threat actor.
Those two Exchange Server vulnerabilities – CVE-2022-41040 and…
Source link