βοΈ βWormableβ Flaw Leads January 2022 Patch Tuesday βοΈ
π Read
via "Krebs on Security".
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is "wormable," meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.π Read
via "Krebs on Security".
Krebsonsecurity
βWormableβ Flaw Leads January 2022 Patch Tuesday
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems.β¦
π΄ Cloud Apps Replace Web as Source for Most Malware Downloads π΄
π Read
via "Dark Reading".
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.π Read
via "Dark Reading".
Dark Reading
Cloud Apps Replace Web as Source for Most Malware Downloads
Two-thirds of all malware distributed to enterprise networks last year originated from cloud apps such as Google Drive, OneDrive, and numerous other cloud apps, new research shows.
π’ FBI warns of hackers mailing malicious USB sticks to businesses π’
π Read
via "ITPro".
The FIN7 cyber crime group is alleged to be behind the months-long wave of attacks against the defence, transportation, and insurance industriesπ Read
via "ITPro".
IT PRO
FBI warns of hackers mailing malicious USB sticks to businesses | IT PRO
The FIN7 cyber crime group is alleged to be behind the months-long wave of attacks against the defence, transportation, and insurance industries
βΌ CVE-2022-21897 βΌ
π Read
via "National Vulnerability Database".
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21916.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21842 βΌ
π Read
via "National Vulnerability Database".
Microsoft Word Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21902 βΌ
π Read
via "National Vulnerability Database".
Windows DWM Core Library Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21852, CVE-2022-21896.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21895 βΌ
π Read
via "National Vulnerability Database".
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21919.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21864 βΌ
π Read
via "National Vulnerability Database".
Windows UI Immersive Server API Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21912 βΌ
π Read
via "National Vulnerability Database".
DirectX Graphics Kernel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21898.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21919 βΌ
π Read
via "National Vulnerability Database".
Windows User Profile Service Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21895.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21904 βΌ
π Read
via "National Vulnerability Database".
Windows GDI Information Disclosure Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21848 βΌ
π Read
via "National Vulnerability Database".
Windows IKE Extension Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-21843, CVE-2022-21883, CVE-2022-21889, CVE-2022-21890.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21873 βΌ
π Read
via "National Vulnerability Database".
Tile Data Repository Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21913 βΌ
π Read
via "National Vulnerability Database".
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21839 βΌ
π Read
via "National Vulnerability Database".
Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21960 βΌ
π Read
via "National Vulnerability Database".
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21961, CVE-2022-21962, CVE-2022-21963.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21962 βΌ
π Read
via "National Vulnerability Database".
Windows Resilient File System (ReFS) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21892, CVE-2022-21928, CVE-2022-21958, CVE-2022-21959, CVE-2022-21960, CVE-2022-21961, CVE-2022-21963.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21910 βΌ
π Read
via "National Vulnerability Database".
Microsoft Cluster Port Driver Elevation of Privilege Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21907 βΌ
π Read
via "National Vulnerability Database".
HTTP Protocol Stack Remote Code Execution Vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21914 βΌ
π Read
via "National Vulnerability Database".
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21885.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21906 βΌ
π Read
via "National Vulnerability Database".
Windows Defender Application Control Security Feature Bypass Vulnerability.π Read
via "National Vulnerability Database".