{"id":36596,"date":"2022-06-09T06:45:00","date_gmt":"2022-06-09T06:45:00","guid":{"rendered":"https:\/\/cloudnewshub.com\/archives\/36596"},"modified":"2022-06-09T06:45:00","modified_gmt":"2022-06-09T06:45:00","slug":"cyber-researchers-step-in-to-fill-patch-tuesdays-shoes","status":"publish","type":"post","link":"https:\/\/cloudnewshub.com\/?p=36596","title":{"rendered":"Cyber researchers step in to fill Patch Tuesday\u2019s shoes"},"content":{"rendered":"<div><img decoding=\"async\" src=\"http:\/\/cloudnewshub.com\/wp-content\/uploads\/2022\/06\/cyber-researchers-step-in-to-fill-patch-tuesdays-shoes.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Ahead of the final <a href=\"https:\/\/www.computerweekly.com\/news\/252518038\/Microsoft-fixes-three-zero-days-on-May-Patch-Tuesday\">Patch Tuesday<\/a>, which true to precedent is due on Tuesday 14 June, analysts at Recorded Future are stepping into the breach, launching a monthly report that will detail the most impactful <a href=\"https:\/\/www.techtarget.com\/searchsecurity\/definition\/Common-Vulnerabilities-and-Exposures-CVE\">common vulnerabilities and exposures<\/a> (CVEs) circulating.<\/p>\n<p>And its inaugural edition contains some significant vulnerabilities, including several zero-days. Of these, the most critical is probably <a href=\"https:\/\/www.computerweekly.com\/news\/252520855\/Researchers-discover-zero-day-Microsoft-vulnerability-in-Office\">CVE-2022-30190, or Follina<\/a>, which Recorded Future\u2019s research unit, <a href=\"https:\/\/www.recordedfuture.com\/research\/insikt-group\" target=\"_blank\" rel=\"noopener noreferrer\">the Insikt Group<\/a>, said it saw being exploited by China-linked threat actors on 30 May, barely 24 hours after initial disclosure.<\/p>\n<p>\u201cIt was also later confirmed that the vulnerability was used in three threat actor campaigns prior to public disclosure, including a spear-phishing campaign targeting entities in Saudi Arabia. 
The exploitation before disclosure shows how quickly APT groups take advantage of major new exploits,\u201d said the team.<\/p>\n<p>\u201cA key takeaway from the Follina disclosure is how fast attackers are using maldoc-based exploits now that <a href=\"https:\/\/www.computerweekly.com\/news\/252513124\/Microsoft-to-start-blocking-macros-to-thwart-malware\">Microsoft is turning off VBA-based macros by default<\/a>,\u201d they added.<\/p>\n<p>\u201cSecurity teams should prepare themselves for an eventful second half of the year as additional ways that Microsoft systems are vulnerable to maldoc exploits are likely to be discovered.\u201d<\/p>\n<p>The team said it was tracking several zero-days in a wide array of products and software including remote support tools, operating systems, Active Directory services and even graphics drivers. Of the seven most critical vulnerabilities listed, five were zero-days when disclosed, meaning users have had no time to patch before malicious actors started exploiting them.<\/p>\n<p>\u201cMere vulnerability management alone is not sufficient,\u201d they said. 
\u201cSecurity teams are strongly encouraged to deploy a defence-in-depth approach across their networks.\u201d<\/p>\n<p>The full list of vulnerabilities, in order of severity, contained in the first edition of CVE Monthly is as follows:<\/p>\n<ul class=\"default-list\">\n<li>CVE-2022-30190 (Follina), a zero-day in Microsoft\u2019s Windows remote support tool;<\/li>\n<li>CVE-2022-26925, a zero-day in Microsoft\u2019s Windows security service;<\/li>\n<li>CVE-2022-26923, in Microsoft\u2019s Windows directory service (Active Directory);<\/li>\n<li>CVE-2022-20821, a zero-day in Cisco\u2019s IOS XR network operating system;<\/li>\n<li>CVE-2022-29104, in Microsoft Windows printer operations;<\/li>\n<li><a href=\"https:\/\/www.computerweekly.com\/news\/252515434\/Apple-drops-emergency-patches-for-two-zero-days\">CVE-2022-22675<\/a>, a zero-day in Apple\u2019s AppleAVD audio and video decoding service;<\/li>\n<li>CVE-2022-22674, a zero-day in Apple\u2019s macOS graphics driver;<\/li>\n<li>And CVE-2022-26134, a zero-day in Atlassian\u2019s Confluence collaboration software, which is significant but not listed as critical.<\/li>\n<\/ul>\n<section class=\"section main-article-chapter\" data-menu-title=\"What\u2019s up with Patch Tuesday?\">\n<h3 class=\"section-title\"><i class=\"icon\" data-icon=\"1\"><\/i>What\u2019s up with Patch Tuesday?<\/h3>\n<p>Earlier this year, <a href=\"https:\/\/www.computerweekly.com\/news\/252515909\/Microsoft-patches-two-zero-days-10-critical-bugs\">Microsoft announced Windows Autopatch<\/a>, an automated service that will effectively take over patching duties from hard-pressed security admins.<\/p>\n<p>The development of Windows Autopatch, which will be a feature of Windows Enterprise E3 licences and covers Windows 10, 11 and 365 for now, was driven by precisely this concern that the vast complexity of most IT environments has massively increased the number of potential vulnerabilities that teams need to keep on top of, leading to inevitable 
security gaps.<\/p>\n<p>\u201cThis service will keep Windows and Office software on enrolled endpoints up to date automatically, at no additional cost,\u201d&nbsp;<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/windows-it-pro-blog\/get-current-and-stay-current-with-windows-autopatch\/ba-p\/3271839\">said Microsoft\u2019s Lior Bela<\/a> at the time. \u201cIT admins can gain time and resources to drive value. The second Tuesday of every month will be \u2018just another Tuesday\u2019.\u201d<\/p>\n<\/section>\n","protected":false},"excerpt":{"rendered":"<p>Ahead of the final Patch Tuesday, which true to precedent is due on Tuesday 14 June, analysts at Recorded Future are stepping into the breach, launching a monthly report that will detail the most impactful common vulnerabilities and exposures (CVEs) circulating. And its inaugural edition contains some significant vulnerabilities, including several zero-days. Of these, the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":36597,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[533],"tags":[],"class_list":["post-36596","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-it"],"_links":{"self":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36596","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=36596"}],"version-history":[{"count":0,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/posts\/36596\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"hr
ef":"https:\/\/cloudnewshub.com\/index.php?rest_route=\/wp\/v2\/media\/36597"}],"wp:attachment":[{"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=36596"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=36596"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloudnewshub.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=36596"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}