Microsoft Patches Windows Flaw Under Attack and Reported by NSA

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsoft Patches Windows Flaw Under Attack and Reported by NSA


Go patch your systems before the exploit spreads more widely, ZDI warns.



Microsoft today issued 128 patches in a total of 145 CVEs this month for security vulnerabilities in Windows, Defender, Edge, Exchange Server, Office, SharePoint, DNS server, Windows Print Spooler, and other software.
An elevation of privilege flaw in Windows Common Log File System Driver
CVE-2022-24521
is already being exploited in the wild, and was reported to Microsoft by the National Security Agency and researchers from CrowdStrike. Since this vulnerability only allows a privilege escalation, it is likely paired with a separate code execution bug, ZDI
wrote in its analysis
of the April batch of Microsoft patches. Its not stated how widely the exploit is being used in the wild, but its likely still targeted at this point and not broadly available. Go patch your systems before that situation changes.
There are 10 critical vulns
among the security updates today
, including two that ZDI says could be abused as worms: a remote code execution bug in RPC Runtime Library (
CVE-2022-26809
) and a remote code execution flaw in Windows Network File System (
CVE-2022-24491
/
24497
).

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsoft Patches Windows Flaw Under Attack and Reported by NSA