Latest News Latest News

New Attack Could Let Remote Hackers Target Devices On Internal Networks

A newly devised variant of the NAT Slipstreaming attack can be leveraged to compromise and expose any device in an internal network.

Read More...

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.

Read More...

Ransomware Attackers Using SystemBC Malware With RAT and Tor Proxy

Cybercriminals are increasingly outsourcing the task of deploying ransomware to affiliates using commodity malware and attack tools.

Read More...

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor

The investigation into how the attackers managed to compromise SolarWinds' internal network and poison the company's software updates is still underway, but we may be one step closer to understanding what appears to be a very meticulously planned and highly-sophisticated supply chain attack.

Read More...

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor

State-sponsored actors allegedly working for Russia have targeted the US Treasury, the Commerce Department's National Telecommunications and Information Administration (NTIA), and other government agencies to monitor internal email traffic as part of a widespread cyberespionage campaign.

Read More...

Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising.

Read More...

Zero-Click Wormable RCE Vulnerability Reported in Microsoft Teams

A zero-click remote code execution (RCE) bug in Microsoft Teams desktop apps could have allowed an adversary to execute arbitrary code by merely sending a specially-crafted chat message and compromise a target's system.

Read More...

WARNING — Critical Remote Hacking Flaws Affect D-Link VPN Routers

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks—even if they are secured with a strong password.

Read More...

Microsoft Releases Windows Update (Dec 2020) to Fix 58 Security Flaws

Microsoft on Tuesday released fixes for 58 newly discovered security flaws spanning as many as 11 products and services as part of its final Patch Tuesday of 2020, effectively bringing their CVE total to 1,250 for the year. Of these 58 patches, nine are rated as Critical, 46 are rated as Important, and three are rated Moderate in severity.

Read More...

Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW

Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems.

Read More...

Most Viewed News Most Viewed News

Back

Microsoft Issues Patches for Defender Zero-Day and 82 Other Windows Flaws

For the first patch Tuesday of 2021, Microsoft released security updates addressing a total of 83 flaws spanning as many as 11 products and services, including an actively exploited zero-day vulnerability.

The latest security patches cover Microsoft Windows, Edge browser, ChakraCore, Office and Microsoft Office Services, and Web Apps, Visual Studio, Microsoft Malware Protection Engine, .NET Core, ASP .NET, and Azure. Of these 83 bugs, 10 are listed as Critical, and 73 are listed as Important in severity.

The most severe of the issues is a remote code execution (RCE) flaw in Microsoft Defender (CVE-2021-1647) that could allow attackers to infect targeted systems with arbitrary code.

Microsoft Malware Protection Engine (mpengine.dll) provides the scanning, detection, and cleaning capabilities for Microsoft Defender antivirus and antispyware software. The last version of the software affected by the flaw is 1.1.17600.5, before it was addressed in version 1.1.17700.4.

The bug is also known to have been actively exploited in the wild, although details are scarce on how widespread the attacks are or how this is being exploited. It's also a zero-click flaw in that the vulnerable system can be exploited without any interaction from the user.

Microsoft said that despite active exploitation, the technique is not functional in all situations and that the exploit is still considered to be at a proof-of-concept level, with substantial modifications required for it to work effectively.

What's more, the flaw may already be resolved as part of automatic updates to the Malware Protection Engine — which it typically releases once a month or as when required to safeguard against newly discovered threats — unless the systems are not connected to the Internet.

For organizations that are configured for automatic updating, no actions should be required, but one of the first actions a threat actor or malware will try to attempt is to disrupt threat protection on a system so definition and engine updates are blocked.

Tuesday's patch also rectifies a privilege escalation flaw (CVE-2021-1648) introduced by a previous patch in the GDI Print / Print Spooler API ("splwow64.exe") that was disclosed by Google Project Zero last month after Microsoft failed to rectify it within 90 days of responsible disclosure on September 24.

Other vulnerabilities fixed by Microsoft include a memory corruption flaws in Microsoft Edge browser (CVE-2021-1705), a Windows Remote Desktop Protocol Core Security feature bypass flaw (CVE-2021-1674, CVSS score 8.8), and five critical RCE flaws in Remote Procedure Call Runtime.

To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or by selecting Check for Windows updates.


Contact Us Contact Us

Free Call[OH]: 933

Phone Number: +251-993939270,

                            +251-936825343,

                            +251-944-33-68-02

E-mail: ethiocert@insa.gov.et

P.O.Box: 124498

Download PGP Keys


Report an Incident

Values Values

  • Trustworthiness
  • Innovation
  • Scientific
  • Democracy
  • Synergy
  • Saving