Active Directory Archives

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 12, 2022 / Active Directory, Azure, CVE-2022-22035, CVE-2022-24504, CVE-2022-30198, CVE-2022-33634, CVE-2022-34689, CVE-2022-37968, CVE-2022-37976, CVE-2022-37979, CVE-2022-38000, CVE-2022-38047, CVE-2022-38048, CVE-2022-41033, CVE-2022-41034, CVE-2022-41038, CVE-2022-41081, EoP, Hyper-V, Kubernetes, Office, Point-to-Point, PPT, RCE, SharePoint, Vulnerabilities

The Microsoft October 2022 Security Updates includes patches and advisories for 84 vulnerabilities, including 2 zero-day and 13 Critical severity issues. However, the ProxyNotShell vulnerabilities were not addressed.

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / August 19, 2022 / Active Directory, Apple, CISA, CVE-2017-15944, CVE-2022-21971, CVE-2022-22536, CVE-2022-26923, CVE-2022-2856, CVE-2022-32893, CVE-2022-32894, iOS, Known Exploited Vulnerabilities Catalog, macOS, Microsoft, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Apple (2), Microsoft (2), SAP, Google Chrome, and Palo Alto Networks.

Samba patches 5 vulnerabilities, 1 rated High severity (CVE-2022-32744)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / July 30, 2022 / Active Directory, CIFS, CVE-2022-32744, LDAP, Samba, SMB

Samba has released software updates to fix five vulnerabilities in multiple Samba software products. One of the fixed issues could allow Samba AD users to forge password change requests for any user.

cyber security, information security, data privacy-3400657.jpg

CISA adds Critical WatchGuard and Microsoft AD flaws to Catalog of exploited vulnerabilities

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / April 11, 2022 / Active Directory, CVE-2017-11317, CVE-2020-2509, CVE-2021-22600, CVE-2021-27852, CVE-2021-39793, CVE-2021-42278, CVE-2021-42287, CVE-2022-23176, Firebox, Microsoft, QNAP, WatchGuard, XTM

The Cybersecurity and Infrastructure Security Agency (CISA) has added a Critical WatchGuard and two Microsoft Active Directory flaws, along with five other vulnerabilities to its Known Exploited Vulnerabilities Catalog.

Active Directory

Microsoft October 2022 Security Updates addresses 84 vulnerabilities (13 rated Critical, 2 zero-days)

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog

Samba patches 5 vulnerabilities, 1 rated High severity (CVE-2022-32744)

CISA adds Critical WatchGuard and Microsoft AD flaws to Catalog of exploited vulnerabilities

Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks

Microsoft: Nobelium cybergang deploys FoggyWeb backdoor to target AD FS servers

Samba fixes two High severity bugs (CVE-2020-27840 and CVE-2021-20277)

FireEye publishes Microsoft 365 tools and hardening strategies to defend against SolarWinds attackers

TrickBot trojan updates propagation module with nworm to evade detection

Microsoft releases Zero Trust guidance for Azure AD