Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited

Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks.

The zero-day, flagged as CVE-2022-26925, is described as a Windows LSA spoofing vulnerability that provides a path for attackers to authenticate to domain controllers.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft warned in a barebones advisory that acknowledged the zero-day exploitation. 

“This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft added.

As is customary, the company did not provide any additional…


Source link

About coldfusion

Check Also

One Major Series Finale Complaint

Bob Odenkirk thought a whole lot about a certain Nic Cage movie while filming the …

Leave a Reply

Your email address will not be published.