Microsoft confirms Windows users targeted by 0Day Hack attack

Microsoft confirms 0Day attack targeting law firms, banks and strategic consultancies


Microsoft has demonstrated the importance of applying security updates as soon as possible, with confirmation of a zero-day vulnerability fixed in July’s “Patch Tuesday” release being used in targeted attacks.

Regular viewers of the Straight-Talking Cyber video podcast, or readers of the combined efforts published on Forbes by the STC team, will be aware that we spend a lot of time talking about security patches and OS updates. There is a very good reason for pushing the update message now: threat actors of all stripes are looking for the users who don't apply them.


Microsoft says CVE-2022-22047 must be patched as a matter of urgency

As I reported recently, nearly all versions of Windows and Windows Server were vulnerable to attack via CVE-2022-22047, a 0Day security threat that Microsoft rated as “important” rather than critical.

At the time I thought this was a bit odd, given the severity of the vulnerability and the fact that threat actors were known to be targeting it before the patch was available. Mike Walters, co-founder of Action1, a cloud-based monitoring specialist, told me then that CVE-2022-22047 “is critical because it is actively exploited in the wild,” adding that “the use of this vulnerability gives an attacker SYSTEM privileges.”

The reasoning behind the “important” rating seems to be that the vulnerability can only be exploited locally, but ask almost any security professional and they will tell you that chaining a local privilege escalation like this with other exploits as part of a larger attack is far from fantasy. Indeed, the Cybersecurity and Infrastructure Security Agency (CISA) deemed the vulnerability worthy of adding to its Known Exploited Vulnerabilities Catalog and, importantly, required US federal agencies to patch their systems by August 2 at the latest.


Law firms and banks among the targets of the Subzero attack

Now Microsoft has confirmed just how seriously this 0Day should be taken, with news of how threat actors have been seen exploiting it. “We saw attacks targeting law firms, banks and strategic consultancies in countries like Austria, the United Kingdom and Panama,” said Cristin Goodwin, general manager of Microsoft’s Digital Security Unit.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) have also warned that a Private Sector Offensive Actor (PSOA) was using this and other Windows and Adobe 0Day exploits to deploy purpose-built malware called Subzero. The PSOA, which Microsoft tracks as Knotweed, developed the Subzero malware, Microsoft said.

Microsoft advises all Windows users to install the CVE-2022-22047 patch as soon as possible. Microsoft Defender Antivirus users should also confirm that it has been updated to at least “Security Intelligence Update 1.371.503.0,” and Excel macro security settings should be changed to control which macros are allowed to run. Multi-factor authentication (MFA) should be enabled to mitigate any potential credential compromise.
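As an added example (this script is not from the article or from Microsoft), the following PowerShell checks the three host-side mitigations listed above on a single Windows machine: whether the required update is installed, whether Defender signatures are at or above 1.371.503.0, and whether Excel's macro settings block untrusted macros. It assumes you supply the KB number(s) that carry the CVE-2022-22047 fix for your OS build, taken from the MSRC advisory, since those differ per build; the signature version is the one quoted in the article; the Office 16.0 registry paths and the VBAWarnings/BlockContentExecutionFromInternet values are the standard Office 2016+ macro policy locations. MFA cannot be verified on the host and must be checked at the identity provider.

```powershell
# Added example, not Microsoft's or the article's code. Run in an elevated
# PowerShell on the Windows host being checked.
# Assumption: -RequiredKb is the KB number(s) delivering the CVE-2022-22047
# fix for this OS build, looked up on the MSRC advisory page for the CVE.
param(
    [Parameter(Mandatory = $true)][string[]]$RequiredKb,
    [version]$MinSignature = [version]'1.371.503.0'   # version quoted in the article
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Is the required update present? Cumulative updates supersede each other,
#    so also list anything installed since Patch Tuesday (12 July 2022) as
#    evidence that a later LCU may already include the fix.
$installed = Get-HotFix | Select-Object -ExpandProperty HotFixID
$missing = $RequiredKb | Where-Object { $_ -notin $installed }
if ($missing) {
    $findings.Add("Required update(s) not found: $($missing -join ', ')")
}
Get-HotFix |
    Where-Object { $_.InstalledOn -ge [datetime]'2022-07-12' } |
    Sort-Object InstalledOn |
    Format-Table HotFixID, Description, InstalledOn -AutoSize

# 2. Defender signature version at or above the minimum, with RTP on.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    $sigVersion = [version]$mp.AntivirusSignatureVersion
    if ($sigVersion -lt $MinSignature) {
        $findings.Add("Defender signatures $sigVersion are older than $MinSignature; run Update-MpSignature")
    }
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Defender real-time protection is disabled')
    }
} catch {
    $findings.Add("Could not query Microsoft Defender (third-party AV or Defender disabled): $($_.Exception.Message)")
}

# 3. Excel macro policy. VBAWarnings: 1 = enable all, 2 = disable with
#    notification (the default), 3 = signed macros only, 4 = disable all.
#    A value under the Policies hive (GPO) takes precedence over the user hive.
$macroKeys = @(
    'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security',
    'HKCU:\Software\Microsoft\Office\16.0\Excel\Security'
)
$vba = $null
foreach ($k in $macroKeys) {
    $v = Get-ItemProperty -Path $k -Name VBAWarnings -ErrorAction SilentlyContinue
    if ($null -ne $v) { $vba = [int]$v.VBAWarnings; break }
}
if ($null -eq $vba -or $vba -le 2) {
    $shown = if ($null -eq $vba) { 'unset (defaults to 2)' } else { $vba }
    $findings.Add("Excel VBAWarnings is $shown; set it to 3 or 4 so untrusted macros cannot run")
}
# Mark-of-the-Web block: macros in files downloaded from the internet never run.
$motw = foreach ($k in $macroKeys) {
    (Get-ItemProperty -Path $k -Name BlockContentExecutionFromInternet -ErrorAction SilentlyContinue).BlockContentExecutionFromInternet
}
if (1 -notin $motw) {
    $findings.Add('Excel does not block macros in internet-sourced files (BlockContentExecutionFromInternet != 1)')
}

if ($findings.Count -eq 0) {
    Write-Output 'Host-side mitigations in place. MFA must be verified at the identity provider.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it as `.\Check-Cve202222047Mitigations.ps1 -RequiredKb KBnnnnnnn` with the KB for your build. A clean run is not proof of patching on its own: if the list of hotfixes installed after 12 July 2022 is empty and the required KB is absent, treat the host as unpatched; if a later cumulative update is present, confirm from its release notes that it supersedes the July update before closing the finding.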
