Threat Advisory – June 16 – 22

Windows Logo

CySec News

Microsoft has released out-of-band (OOB) Windows updates to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. Today’s OOB updates will be automatically installed via Windows Update and can also be downloaded and installed manually via the Microsoft Update Catalog (KB5016139 for Windows 10 and KB5016138 for Windows 11).

Reference: https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/

 

A new DFSCoerce Windows NTLM relay attack has been discovered that uses MS-DFSNM, Microsoft’s Distributed File System, to completely take over a Windows domain.

Reference: https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/

 

This month’s Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. One of the more severe problems is the servers freezing for several minutes after a client connects to the RRAS server with SSTP.

Reference: https://www.bleepingcomputer.com/news/microsoft/recent-windows-server-updates-break-vpn-rdp-rras-connections/

 

Nearly five dozen security vulnerabilities have been disclosed in devices from 10 operational technology (OT) vendors due to what researchers call are “insecure-by-design practices.” Collectively dubbed OT:ICEFALL by Forescout, the 56 issues span as many as 26 device models from Bently Nevada, Emerson, Honeywell, JTEKT, Motorola, Omron, Phoenix Contact, Siemens, and Yokogawa.

Reference: https://thehackernews.com/2022/06/researchers-disclose-56-vulnerabilities.html

 

People in Russia can no longer download Windows 10 and Windows 11 ISOs and installation tools from Microsoft, with no reason for the block provided by the company.

Reference: https://www.bleepingcomputer.com/news/microsoft/windows-10-and-windows-11-downloads-blocked-in-russia/

 

7-zip has finally added support for the long-requested ‘Mark-of-the-Web’ Windows security feature, providing better protection from malicious downloaded files. When you download documents and executables from the web, Windows adds a special ‘Zone.Id’ alternate data stream to the file called the Mark-of-the-Web (MoTW). This identifier tells Windows and supported applications that the file was downloaded from another computer or the Internet and, therefore, could be a risk to open.

Reference: https://www.bleepingcomputer.com/news/microsoft/7-zip-now-supports-windows-mark-of-the-web-security-feature/

 

Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe’s product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity.

Reference: https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/

 

Microsoft has announced today the general availability of Microsoft Defender for Individuals, the company’s new security solution for personal phones and computers.

Reference: https://www.bleepingcomputer.com/news/microsoft/new-cloud-based-microsoft-defender-for-home-now-generally-available/

 

Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0.

Reference: https://www.bleepingcomputer.com/news/security/cisco-says-it-won-t-fix-zero-day-rce-in-end-of-life-vpn-routers/

 

Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. The Wi-Fi hotspot feature allows users to share their Wi-Fi, Ethernet, or cellular data Internet connection with other devices on their network. According to a new entry on the Windows release health dashboard, Windows devices where one of the June updates has been installed might be unable to use the Wi-Fi hotspot feature.

Reference: https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-updates-may-break-wi-fi-hotspots/

 

WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up.

Reference: https://www.bleepingcomputer.com/news/security/730k-wordpress-sites-force-updated-to-patch-critical-plugin-bug/

CVE’s of the Week

Dell

CVE-2022-29095 – Score 7.6

CVE-2022-29094 – Score 3.6

CVE-2022-29093 – Score 3.6

CVE-2022-29092 – Score 7.2

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.