Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft says is being actively exploited. The software giant also took the controversial step of pausing a plan to block macros in Office documents downloaded from the Internet.
In February, security experts hailed Microsoft’s decision to block VBA macros in all documents downloaded from the Internet. The company said it will roll out the changes in stages between April and June 2022.
Macros have long been a trusted way for cybercriminals to trick people into running malicious code. Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but these warnings can be easily disabled with a click. According to Microsoft’s plan, the new warnings provided no way to enable macros.
As veteran Ars Technica journalist Dan Goodin put it, “Security professionals, some of whom have spent the past two decades watching customers and employees infected with ransomware, wipers and espionage with frustrating regularity, applauded the change.”
But last week, Microsoft abruptly changed course. As first reported by BleepingComputer, Redmond said it would roll back the changes based on user feedback.
“Although Microsoft did not share the negative feedback that led to the rollback of this change, users reported that they could not find the Unblock button to remove Mark-of-the-Web from downloaded files, which makes it impossible to enable macros,” Sergiu Gatlan wrote.
Microsoft later said the decision to roll back disabling macros by default was temporary, though it didn’t say when this significant change might be made in earnest.
The Windows zero-day vulnerability already under active attack is CVE-2022-22047, an elevation of privilege vulnerability in all supported versions of Windows. Trend Micro’s Zero Day Initiative notes that while this bug is listed as under active attack, there is no information from Microsoft about the location or extent of its exploitation.
“The vulnerability allows an attacker to execute code as SYSTEM, provided they can execute other code on the target,” ZDI’s Dustin Childs wrote. “Bugs of this type are usually associated with a code execution bug, usually a specially crafted Office or Adobe document, to take control of a system. These attacks often rely on macros, which is why so many people were discouraged to hear Microsoft’s delay in blocking all Office macros by default.”
Kevin Breen, director of cyber threat research at Immersive Labs, said that CVE-2022-22047 is the type of vulnerability that is commonly abused after a target has already been compromised.
“Essentially, this allows the attacker to change their permissions from those of a normal user to the same permissions as SYSTEM,” he said. “With this level of access, attackers are able to disable local services such as Endpoint Detection and Security tools. With SYSTEM access, they can also deploy tools like Mimikatz which can be used to recover even more administrator and domain level accounts, thus spreading the threat quickly.”
After a brief respite from fixing serious security issues in the Windows Print Spooler service, we are back to business as usual. The July patch bundle contains fixes for four separate elevation of privilege vulnerabilities in Windows Print Spooler, identified as CVE-2022-22022, CVE-2022-22041, CVE-2022-30206, and CVE-2022-30226. Experts at security company Tenable note that these four flaws provide attackers with the ability to delete files or gain SYSTEM level privileges on a vulnerable system.
About a third of the patches released today involve weaknesses in Microsoft’s Azure Site Recovery offering. Other components seeing updates this month include Microsoft Defender for Endpoint; Microsoft Edge (Chromium-based); Office; Windows BitLocker; Windows Hyper-V; Skype for Business and Microsoft Lync; and Xbox.
Four of the flaws patched this month are vulnerabilities that Microsoft labels “critical,” meaning they could be used by malicious software or malcontents to take control of unpatched Windows systems remotely, usually without any user help. CVE-2022-22029 and CVE-2022-22039 affect Network File System (NFS) servers, and CVE-2022-22038 affects the Remote Procedure Call (RPC) runtime.
“Although these three elements are relatively difficult for attackers to exploit due to the amount of sustained data that must be transmitted, administrators should remediate as soon as possible,” said Greg Wiseman, product manager at Rapid7. “CVE-2022-30221 reportedly affects the Windows graphics component, although Microsoft’s FAQ states that the exploit requires users to access a malicious RDP server.”
Separately, Adobe today released fixes to address at least 27 vulnerabilities across multiple products, including Acrobat and Reader, Photoshop, RoboHelp, and Adobe Character Animator.
For a more in-depth look at the patches released by Microsoft today, indexed by severity and other metrics, see the always-useful Patch Tuesday overview from the SANS Internet Storm Center. And it’s not a bad idea to delay the update for a few days until Microsoft fixes any issues in the updates: AskWoody.com usually has the list of patches that may cause problems for Windows users.
As always, consider backing up your system or at least your important documents and data before applying system updates. And if you have any issues with these updates, please leave a note about it here in the comments.