Windows 10: Time to Patch: Microsoft released security patch for actively exploited issue

Discussion in 'Windows 10 News' started by GHacks, Mar 15, 2023.

  1. GHacks
    GHacks New Member

    Time to Patch: Microsoft released security patch for actively exploited issue


    Microsoft released security updates for Windows yesterday on the March 2023 Patch Day. Among the patched security updates, several of which are rated critical by Microsoft, is a security issue that is exploited actively in the wild.

    The issue was reported by Google's Threat Analysis Group. The threat actor used "an unpatched security bypass in Microsoft's SmartScreen security feature" to push the Magniber ransomware on user systems.

    Google describes the attack in detail, stating that the attackers use "MSI files signed with an invalid but specially crafted Authenticode signature". While the signature is not valid, it causes a SmartScreen error that "results in bypassing the security warning dialog" that is usually displayed to Windows users when untrusted files with a Mark-of-the-Web are executed on the device.

    More than 100,000 downloads of malicious MSI files have been observed by Google since January 2023. More than 80% of these downloads happened in Europe, a "notable divergence from Magniber's typical targeting", which is aimed at South East Asia. Google notes that Chrome browser's Safe Browsing protection has displayed warnings about the download to more than 90% of affected users.

    Attackers used a previous SmartScreen bypass last year to attack Windows devices. Security researchers from HP Threat Research and 0Patch provided an analysis of the issue. 0Patch noted that the malicious files had invalid signatures, and that these files should never have been trusted by Windows. The malformed nature of the signature exploited the bug in SmartScreen, which led to Windows trusting the malicious file without showing a warning to the user on execution.

    Microsoft released a patch in September, targeted under CVE-2022-44698, and rated the issue as moderate. This initial patch did not address the root cause of the security issue, but addressed only the particular method used by attacks at the time. Google says in its conclusion that "the root cause behind the SmartScreen security bypass was not addressed" and that this allowed the attackers to "quickly identify a variant of the original bug", which they now use in attacks.

    Microsoft tracks the new security issue as CVE-2023-24880 and has rated it as a moderate threat. It remains to be seen if the second security patch released by Microsoft plugs the entire SmartScreen bug, or if in a month or two, another variant emerges that is exploiting yet another way to bypass SmartScreen on Windows.

    Google offers detailed information of the attack on its blog.

    Closing Words

    Windows 10 and 11, as well as Windows Server administrators, may install the March 2023 security updates to patch the issue.

    Thank you for being a Ghacks reader. The post Time to Patch: Microsoft released security patch for actively exploited issue appeared first on gHacks Technology News.

    GHacks, Mar 15, 2023
    #1
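
The post above describes downloaded MSI files that carry a Mark-of-the-Web together with an Authenticode signature that is not valid. The following triage script is an added example, not part of the original post or of Google's or Microsoft's material: it lists MSI files marked as coming from the Internet zone and shows how Windows rates their signatures. The search path and the output column names are assumptions.

```powershell
# Added example: list downloaded MSI files (Mark-of-the-Web present) and their
# Authenticode status, with files lacking a valid signature sorted first.
# Assumption: downloads live under the current user's Downloads folder.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads')
)

function Get-MotwZoneId {
    param([Parameter(Mandatory)][string]$LiteralPath)
    # The Mark-of-the-Web is kept in the Zone.Identifier alternate data stream (NTFS only).
    $stream = Get-Content -LiteralPath $LiteralPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    foreach ($line in $stream) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream, or no ZoneId entry
}

Get-ChildItem -LiteralPath $Path -Filter '*.msi' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $zone = Get-MotwZoneId -LiteralPath $_.FullName
        # ZoneId 3 = Internet, 4 = Restricted sites; skip local or intranet files.
        if ($null -eq $zone -or $zone -lt 3) { return }

        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            File            = $_.FullName
            ZoneId          = $zone
            SignatureStatus = $sig.Status
            StatusMessage   = $sig.StatusMessage
            Signer          = $(if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject })
            Sha256          = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            # Any status other than Valid deserves a look before the file is run.
            NotValid        = $sig.Status -ne 'Valid'
        }
    } |
    Sort-Object NotValid -Descending |
    Format-Table -AutoSize -Wrap
```

Files with `NotValid` set to `True` and a `SignatureStatus` other than `NotSigned` carry a signature that Windows could not validate, which is the combination the post describes.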
  2. D_o_S Win User

    Microsoft issues new patches

    Microsoft Corp. has released its security software patches for April, addressing an unpatched bug in the Internet Explorer browser that hackers had been exploiting for several weeks.

    As expected, the company released five patches, called "updates" in Microsoft parlance, addressing a number of critical vulnerabilities in IE and the Windows operating system. Microsoft also released an update for Outlook Express, rated "important," and a fix for Windows FrontPage Server Extensions and SharePoint Team Services 2002, rated "moderate."

    Source: Computerworld
     
    D_o_S, Mar 15, 2023
    #2
  3. Microsoft only releases three patches this month.

    There will be only three security updates from Microsoft this month, the software giant has revealed. There is only one "critical" update, which patches Microsoft Office. The other two patches are non-critical, and the patches solve minor security flaws. Microsoft has also released a new update to Windows Defender. Microsoft also has no comment on when it plans to release further patches, but it is probably figuring out how to patch Office 2000 for the bug found earlier this week allowing a hacker access to an Office 2000 user's computer. The Microsoft Security Bulletin can be viewed here.

    Source: Technet
     
    zekrahminator, Mar 15, 2023
    #3
  4. qubit Win User

    Jan 10th Patch Tuesday: 7 Patches On The Way

    Microsoft has just released their Security Bulletin Advance Notification for January 2012. This is pre-release information about the Windows patches due to be rolled out on Microsoft Update on Tuesday 10th January. In it, there is one critical and six important updates. There are three remote code execution patches (one critical); two information disclosures and one privilege escalation. There is also one "security feature bypass", which is interesting, because it's not a description seen before. It's not hard to get an idea of what this fixes, but we await the release of the official bulletins for the full description of what security feature is fixed.

    All versions of Windows have patches coming up, but some of those patches don't apply to particular versions of Windows and the notification lists which Windows version gets which bulletin/patch. At the same time, Microsoft is releasing an updated version of its Windows Malicious Software Removal Tool. Full details here
     
    qubit, Mar 15, 2023
    #4