The latest Microsoft vulnerability added to CISA’s Known Exploited Vulnerabilities catalog shows that the tech giant is doing the right thing when it comes to keeping the security community informed, cybersecurity professionals said today.
The catalog, maintained by the federal Cybersecurity and Infrastructure Security Agency (CISA), lists vulnerabilities that have been found to be used by attackers as part of malicious cyber activity and that pose a “significant risk to the federal enterprise.”
The latest update to the catalog came last Friday with the addition of CVE-2022-21882, which has a “high” severity rating of 7.0 (out of 10.0) and can be used for privilege escalation on affected Microsoft Windows systems. Those include multiple versions of Microsoft’s Windows 10 and Windows 11 PC operating systems, as well as Microsoft’s Windows Server 2019 and Windows Server 2022.
By exploiting the flaw in the Win32k.sys driver, an attacker with local access can gain elevated local system or administrator privileges, Microsoft said in its vulnerability advisory.
Casey Bisson, head of product and developer relations at code security vendor BluBracket, said privilege escalation bugs like these “are a nuisance to any operating system, and every successful OS vendor or community prioritizes fixes for them.”
“Microsoft’s announcement here is an example of responsible behavior,” Bisson said. “If every app vendor approached the security of their apps the same way that Microsoft and other OS teams have, with automated code scanning and other discovery efforts, clear advisories and quick fixes, we would have far fewer security risks.”
By including CVE-2022-21882 in its Known Exploited Vulnerabilities catalog, CISA has directed federal agencies to update their systems with the available patches.
Mike Parkin, an engineer at Vulcan Cyber, said: “It seems that CISA has added this as a matter of due diligence, since the attack is high risk. Microsoft’s explanation suggests that the attack requires local access and is of high complexity, which reduces the likelihood of its widespread use in the wild.”
Patches are available for the vulnerability, and they should be deployed “as part of any organization’s standard maintenance process,” Parkin said.
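As an added example (not from this article, CISA or any of the vendors quoted), the following Python shows how a defender can act on the catalog directive described above: it reads a KEV-shaped feed excerpt and ranks a scanner’s open findings by CISA’s remediation due date. The feed excerpt, its dates, the second CVE id and the host names are constructed placeholders.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed (the real feed lives at
# https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Dates, the second CVE id and the host names below are placeholders, not catalog data.
KEV_SAMPLE = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2022-21882", "vendorProject": "Microsoft", "product": "Win32k",
     "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability",
     "dateAdded": "2022-02-04", "dueDate": "2022-02-18",
     "requiredAction": "Apply updates per vendor instructions."},
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor", "product": "ExampleRouter",
     "vulnerabilityName": "Placeholder Remote Code Execution Vulnerability",
     "dateAdded": "2022-02-10", "dueDate": "2022-02-24",
     "requiredAction": "Apply updates per vendor instructions."},
]})

# Constructed vulnerability-scanner output: CVE -> hosts still missing the fix.
SCAN_FINDINGS = {
    "CVE-2022-21882": ["ws-finance-07", "srv-print-02"],
    "CVE-0000-00001": ["edge-rtr-01"],
    "CVE-0000-00002": ["ws-dev-11"],  # not in KEV: stays on the normal patch cadence
}

def kev_index(kev_json):
    """Map cveID -> catalog entry for a KEV feed document."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}

def prioritize(kev_json, findings, today_iso):
    """Return the scanner findings that CISA lists as exploited, most urgent first.

    Each item carries the affected hosts and days_left until the KEV due date;
    a negative days_left means the remediation deadline has already passed.
    """
    kev, today = kev_index(kev_json), date.fromisoformat(today_iso)
    queue = []
    for cve, hosts in findings.items():
        entry = kev.get(cve)
        if entry is None:
            continue  # not known-exploited: no CISA deadline applies
        due = date.fromisoformat(entry["dueDate"])
        queue.append({"cveID": cve, "product": entry["product"], "hosts": sorted(hosts),
                      "due": entry["dueDate"], "days_left": (due - today).days,
                      "action": entry["requiredAction"]})
    return sorted(queue, key=lambda item: item["days_left"])

if __name__ == "__main__":
    for item in prioritize(KEV_SAMPLE, SCAN_FINDINGS, "2022-02-21"):
        flag = "OVERDUE" if item["days_left"] < 0 else f"{item['days_left']}d left"
        print(f"{item['cveID']} {item['product']:<14} {flag:<9} {', '.join(item['hosts'])}")
```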
Unlike vulnerabilities that could enable initial access to a system, this latest Microsoft vulnerability is “useful for escalating the power of limited initial access, once it’s already been achieved,” said Casey Ellis, founder and chief technology officer at Bugcrowd. “The significance of this is that it shifts the focus of prevention from ‘prevent intrusion’ to ‘assume intrusion.’”
Other recent vulnerability advisories have posed a greater risk to businesses. They include a series of 15 vulnerabilities in Cisco routers, five of which carry a “critical” severity rating, announced last week.
In late January, researchers disclosed the “PwnKit” vulnerability, which affects the pkexec component of the widely installed Linux program Polkit and can be easily exploited for local privilege escalation.