Microsoft has revealed 73 new patches for May’s monthly update of security fixes, including a patch for one flaw, a zero-day Windows LSA Spoofing Vulnerability rated as “important,” that is currently being exploited with man-in-the-middle attacks.

The software giant’s monthly update of patches that comes out every second Tuesday of the month, known as Patch Tuesday, also included fixes for seven “critical” flaws, 65 others rated as “important,” and one rated as “low.”

Given that Microsoft released a record number of patches in April, May’s patch tally is relatively low, but still includes a number of notable flaws that deserve attention, researchers said.

“Although this isn’t a large number, this month makes up for it in severity and infrastructure headaches,” observed Chris Hass, director of security at security firm Automox, in an email to Threatpost. “The big news is the critical vulnerabilities that need to be highlighted for immediate action.”

Of the seven critical flaws, five allow for remote code execution (RCE) and two give attackers elevation of privilege (EoP). The remainder of the flaws also include a high percentage of RCE and EoP bugs, with the former accounting for 32.9 percent of the flaws patched this month, while the latter accounted for 28.8 percent of fixes, according to a blog post by researchers at Tenable.

The Windows LSA Spoofing Vulnerability, tracked as CVE-2022-26925, in and of itself was not rated as critical. However, when chained with a new…
Actively Exploited Zero-Day Bug Patched by Microsoft (govanguard, 2022-05-11 07:12:00)