Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the hcaptcha-for-forms-and-more domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/wp-includes/functions.php on line 6114
Dubai Tech News

Critical New Security Update For Millions Of Windows 10, 11 & Server Users

DTN

Cybersecurity Critical New Security Update For Millions Of Windows 10, 11 & Server Users Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber Jun 15, 2022, 06:13am EDT | Share to Facebook Share to Twitter Share to Linkedin Microsoft Patch Tuesday fixes critical security flaws in Windows 10, 11 & Server Getty Images As well as fixing the already under attack Follina zero-day exploit , Microsoft has just confirmed three critical vulnerabilities that impact millions of Windows and Windows Server users. Within the collection of 55 new Microsoft security updates, yes it’s Patch Tuesday time again, there are three that are rated as critical.

The good news is that none of these, in fact, none of the 55 listed vulnerabilities, are known to currently be under exploitation in the wild. I can say that despite the CVE-2022-30190 Follina fix being distributed as, bizarrely, Microsoft didn’t list it among the vulnerabilities patched. MORE FROM FORBES Act Now To Fix Under Attack Microsoft Windows 0-Day Hack By Davey Winder The three critical security flaws are as follows CVE-2022-30136 CVE-2022-30136 impacts Windows Server (2012, 2016, 2019) users and is a remote code execution (RCE) threat that could be exploited over the network using a malicious call to a network file system (NFS) service.

According to Mike Walters, cybersecurity executive and co-founder of Action1, it is believed “an exploit for this vulnerability has been developed, although this information has not been confirmed. ” He also warns that “this June patch should only be applied after the May one has already been installed,” in reference to the CVE-2022-26937 patch last month. MORE FOR YOU iOS 15: Apple Issues 22 Important iPhone Security Updates Widely-Used Hikvision Security Cameras Vulnerable To Remote Hijacking iOS 15 Is Available Now With These Stunning New iPhone Privacy Features CVE-2022-30139 CVE-2022-30139 impacts Windows (10 & 11) and Windows Server (2016, 2019, 20H2, 2022) users and is another RCE but this time impacting the Windows lightweight directory access protocol (LDAP) where default policy values have been changed.

According to Vulnerability Database , while the full technical details are as yet unknown, “a simple authentication is necessary for exploitation. ” While confirming no public exploit is available, the site suggests one could be worth between $5,000 and $25,000. CVE-2022-30163 CVE-2022-30163 impacts Windows (7, 8.

1, 10 & 11) and Windows Server (2008, 2012, 2016, 2019, 20H2 & 2022) users and is another arbitrary remote code execution vulnerability. This time it targets Windows Hyper-V host using a malicious application on a Hyper-V guest. According to the Trend Micro Zero Day Initiative , “Microsoft notes that attack complexity is high since an attacker would need to win a race condition.

However, we have seen many reliable exploits demonstrated that involve race conditions, so take the appropriate step to test and deploy this update. ” Should you update your Windows or Windows Server platform immediately? Obviously, as always, the takeaway is to update as soon as possible in order to shore up these security holes. Well, for consumers at least.

The situation becomes more complex for organizations. “Businesses are typically slow in applying patches, yet I’d bet vulnerabilities are still the most common reason organizations are compromised,” Mark Lamb, CEO of HighGround. io, says.

“Security standards, including the U. K. Cyber Essentials overview standard, encourage patches to be deployed within 14 days of release for both Operating Systems and Applications, but it’s not uncommon for organizations to take months to get their patches deployed.

” Lamb recommends, where possible, businesses should be “diligent in approving and deploying patches on a weekly basis, because,” he says, “you don’t know what the next vulnerability is going to be and whether it could have been mitigated by consistent and diligent patching. ” Follow me on Twitter or LinkedIn . Check out my website or some of my other work here .

Davey Winder Editorial Standards Print Reprints & Permissions.

From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/06/15/critical-new-security-update-for-millions-of-windows-10-11–server-users/

Exit mobile version