Latest News


Microsoft' s latest security update fixes 64 new flaws, including a zero-day bug

Last week Microsoft released patches to address 64 new security holes in its software, of which five were classed as critical, 57 as important, one as moderate, and one as low. The patches also addressed a zeroday vulnerability affecting all supported versions of Windows, that has already been actively exploited in attacks.


The zero-day bug, tracked as CVE-2022-37969, is described as an elevation of privilege flaw in the Windows Common Log File System Driver, a subsystem used for data and event logging. The bug allows an attacker to obtain the highest level of access, known as system privileges, to a vulnerable device.


Speaking about the bug Dustin Childs, head of threat intelligence at the Zero Day Initiative said: “Bugs of this nature are often wrapped into some form of social engineering attack, such as convincing someone to open a file, and once they do, additional code executes with elevated privileges to take over a system”.


Microsoft credited four different sets of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the flaw, which they believe may be an indication of widespread exploitation in the wild, although they did not share any further details about the attacks exploiting this vulnerability.


Lastly, included in the raft of security updates is a fix for a second zero-day flaw affecting Windows 11 for ARM-based systems, tracked as CVE-2022-23960, that’s described as a cache speculation vulnerability known as “Spectre-BHB”, a variant of the Spectre v2 vulnerability, which can allow attackers to steal data from memory.


Click here to read the full news story

Read all news stories