Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited

Microsoft on Tuesday released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks.

The zero-day, flagged as CVE-2022-26925, is described as a Windows LSA spoofing vulnerability that provides a path for attackers to authenticate to domain controllers.

“An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM,” Microsoft warned in a barebones advisory that acknowledged the zero-day exploitation. 

“This security update detects anonymous connection attempts in LSARPC and disallows it,” Microsoft added.

As is customary, the company did not provide any additional…


Source link

About coldfusion

Check Also

CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency – Security Boulevard

CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency – Security Boulevard

[unable to retrieve full-text content]CISA Reports Adobe ColdFusion Flaw Exploitation in Federal Agency  Security Boulevard Source …

Leave a Reply

Your email address will not be published. Required fields are marked *