Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited

Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks.

The zero-day, flagged as CVE-2022-26925, is described as a Windows LSA spoofing vulnerability that provides a path for attackers to authenticate to domain controllers.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft warned in a barebones advisory that acknowledged the zero-day exploitation. 

“This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft added.

As is customary, the company did not provide any additional…


Source link

About coldfusion

Check Also

The History and Size of Microsoft | ColdFusion – MSN

Department of Energy To Revisit Cold Fusion – Space Daily

[unable to retrieve full-text content]Department of Energy To Revisit Cold Fusion  Space Daily Source link

Leave a Reply

Your email address will not be published. Required fields are marked *