Threat Advisory – May 12-18

CySec news

Microsoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service (EOS) on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users.



NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc. Interestingly, apart from the current and recent product lines that are actively supported, NVIDIA’s latest release also covers GTX 600 and GTX 700 Kepler-series cards, whose support ended in October 2021. The GPU maker previously promised to continue providing critical security updates for these products until September 2024, and this driver update honors that promise.



Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. The flaw is an out-of-bounds write issue (CVE-2022-22675) in AppleAVD (a kernel extension for audio and video decoding) that allows apps to execute arbitrary code with kernel privileges. The bug was reported by anonymous researchers and fixed by Apple in macOS Big Sur 11.6., watchOS 8.6, and tvOS 15.5 with improved bounds checking. The list of impacted devices includes Apple Watch Series 3 or later, Macs running macOS Big Sur, Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD.



A new variant of the macOS malware tracked as UpdateAgent has been spotted in the wild, indicating ongoing attempts on the part of its authors to upgrade its functionalities. The newly discovered Swift-based dropper masquerades as Mach-O binaries named “PDFCreator” and “ActiveDirectory” that, upon execution, establish a connection to a remote server and retrieve a bash script to be executed.



The Zyxel firewall vulnerability tracked as CVE-2022-30525 carries a severity score of 9.8. It is a command injection flaw in select firmware versions that could enable an unauthenticated adversary to execute arbitrary commands on the underlying operating system.



SonicWall “strongly urges” customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances. While the first flaw (an unauthenticated access control bypass rated as high severity) is now tracked as CVE-2022-22282, the other two (a hard-coded cryptographic key and an open redirect, both rated as medium severity) are still waiting for a CVE ID to be issued. “There are no temporary mitigations. SonicWall urges impacted customers to implement applicable patches as soon as possible,” the company says in a security advisory published this week.



Sophos has released a fix for a known issue triggering blue screens of death (aka BSODs) on Windows 11 systems running Sophos Home antivirus software after installing the KB5013943 update. Sophos says the issue is caused by the hmpalert.sys (aka HitManPro.Alert Support) Windows driver used by Sophos Home. The fix for this known bug will apply automatically to all impacted systems, with users prompted to restart their devices as soon as the patch is applied.



The European Parliament announced a “provisional agreement” aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called “NIS2” (short for network and information systems), is expected to replace the existing legislation on cybersecurity that was established in July 2016. The revamp sets ground rules, requiring companies in energy, transport, financial markets, health, and digital infrastructure sectors to adhere to risk management measures and reporting obligations.



HTML files remained one of the most popular attachment types used in phishing attacks during the first four months of 2022, showing that the technique is still effective against antispam engines and against the victims themselves. In phishing emails, HTML attachments are commonly used to redirect users to malicious sites, to trigger file downloads, or to display a phishing form locally within the browser. Because HTML is not inherently malicious, such attachments tend not to be flagged by email security products and frequently land in recipients’ inboxes.
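As an added illustration (not code from the advisory), the triage below parses a constructed message and flags HTML attachments that show the three behaviours described above: a client-side redirect, a download trigger, or a local credential form. The sender, filename and URLs are made up.

```python
import email
import re
from email import policy

# Constructed sample message (not from the advisory): a plain-text body with an
# HTML attachment that carries a local credential form and a JavaScript redirect.
SAMPLE_EML = """\
From: billing@example.invalid
To: user@example.invalid
Subject: Invoice 4471
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached invoice.
--b1
Content-Type: text/html; name="invoice.html"
Content-Disposition: attachment; filename="invoice.html"

<html><body><form method="post" action="https://login.example.invalid/">
<input name="email"><input type="password" name="pw"></form>
<script>setTimeout(function(){window.location="https://example.invalid/x"},3000);</script>
</body></html>
--b1--
"""

# One pattern per abuse the text describes: redirect, file download, local form.
INDICATORS = {
    "redirect": re.compile(r'(window\.location|location\.href|location\.replace|http-equiv=["\']?refresh)', re.I),
    "download": re.compile(r'(download=|createObjectURL|data:application/)', re.I),
    "local_form": re.compile(r'<input[^>]*type=["\']?password', re.I),
}


def html_attachments(raw: str):
    """Yield (filename, decoded text) for every HTML attachment in an RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_disposition() == "attachment" and part.get_content_type() == "text/html":
            yield part.get_filename(), part.get_content()


def triage(raw: str) -> dict:
    """Return {filename: [matched indicator names]} for each HTML attachment."""
    findings = {}
    for name, body in html_attachments(raw):
        findings[name] = [k for k, rx in INDICATORS.items() if rx.search(body)]
    return findings
```

A mail gateway hook would quarantine or sandbox any message for which `triage` returns a non-empty indicator list.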


CVEs of the Week


CVE-2022-20796 – Score 4.9

CVE-2022-20794 – Score 4.3

CVE-2022-20785 – Score 7.8

CVE-2022-20780 – Score 4.3

CVE-2022-20779 – Score 9.3

CVE-2022-20777 – Score 9.0

CVE-2022-20771 – Score 7.8

CVE-2022-20770 – Score 7.8

CVE-2022-20767 – Score 7.8

CVE-2022-20764 – Score 5.5

CVE-2022-20760 – Score 7.8

CVE-2022-20759 – Score 8.5

CVE-2022-20757 – Score 4.3

CVE-2022-20748 – Score 5.0

CVE-2022-20746 – Score 7.1

CVE-2022-20745 – Score 7.8

CVE-2022-20742 – Score 5.8

CVE-2022-20737 – Score 7.0

CVE-2022-20734 – Score 4.9

CVE-2022-20730 – Score 5.0

CVE-2022-20729 – Score 4.6

CVE-2022-20715 – Score 7.8


CVE-2022-29131 – Score 9.0

CVE-2022-29130 – Score 9.3

CVE-2022-29129 – Score 9.0

CVE-2022-29128 – Score 9.0

CVE-2022-22014 – Score 6.5

CVE-2022-22013 – Score 6.5

CVE-2022-22012 – Score 9.3


CVE-2022-23443 – Score 5.0

CVE-2021-43206 – Score 4.3

CVE-2021-41032 – Score 5.5

CVE-2021-41020 – Score 6.5
