Microsoft fixed 11 critical security vulnerabilities in products such as Windows and Office

Microsoft has released 64 software patches to fix security flaws in products such as Windows, Exchange, and Office, including 11 critical flaws and 6 zero-day vulnerabilities. The flaws affect Microsoft products including Windows, Azure, Exchange Server, and Office, and some of them have been repeatedly targeted by malicious hackers in recent months.
Two of the updates address Microsoft Exchange Server security vulnerabilities, identified as CVE-2022-41028 and CVE-2022-41040, that hackers have been exploiting since September.
CVE-2022-41040 is a server-side request forgery (SSRF) vulnerability, which allows attackers to make the server-side application send requests to an unintended location. For example, this bug allows hackers to access internal services of a network without being inside that network.
CVE-2022-41082 also allows remote code execution when PowerShell is accessible to the attacker. Previously, Microsoft had only provided mitigation measures for these vulnerabilities, but now there are patches available that can prevent attackers from exploiting them to gain access to networks.
Another vulnerability described as a critical bug is CVE-2022-41128. This is a remote code execution bug in Windows scripting languages. To exploit it, an attacker must direct the victim to specific websites or servers. This can be done with a phishing attack, and the vulnerability can then be used to execute malicious code.
Attackers are exploiting three vulnerabilities that are classified as critical and should be patched as soon as possible. According to ZDNet, one such bug is CVE-2022-41091, which allows attackers to bypass the Windows defenses for files that come from an untrusted source. When this vulnerability is exploited successfully, Windows does not issue any warning, which means that the user is unaware that they may be exposed to malicious activity. The bug was publicly disclosed in October and can now be fixed by installing the new software patches from Microsoft.
Another exploited vulnerability, which was also mentioned in an update from Microsoft a few days ago, is CVE-2022-41125. This bug also allows attackers to execute code of their choice on the target system. Another bug for which a software patch has been released is CVE-2022-41073. This is an important bug that was first revealed in July last year, but it is still one of the methods hackers commonly use to attack a victim's system.
We recommend that you apply the Microsoft security updates released in the past few days to your systems as soon as possible to strengthen your protection against hackers.