Critical flaws in Windows-based data centers and applications that Microsoft patched in mid-2022 left millions of users at risk of a variety of malware and ransomware attacks, as nearly all vulnerable endpoints went unpatched.
Akamai’s cybersecurity researchers have published a proof of concept (PoC) of this vulnerability and confirmed that a high percentage of devices are still unpatched.
The vulnerability Akamai refers to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows an attacker to authenticate or sign code as if using a target's certificate. In other words, an attacker could use this flaw to impersonate another application or the operating system itself and have those applications run code without any warning.
Ignoring the patch
“We found that less than 1% of the visible devices in our data centers were patched, and the rest were not protected from exploitation of this vulnerability,” said an Akamai researcher.
Speaking to The Register, researchers confirmed that 99% of endpoints were unpatched, but not necessarily vulnerable.
This flaw was given a severity score of 7.5 and labeled as Critical. Microsoft released its patch in October 2022, but few users have applied it so far.
“So far, we have found that older versions of Chrome (before v48) and Chromium-based applications can be exploited,” said the researchers. “We believe there are more vulnerable targets in the wild, and our research is still ongoing.”
When Microsoft first patched the vulnerability, it said there was no evidence that it had been exploited in the wild. But now that the PoC is public, it is safe to assume that various attackers will start looking for vulnerable endpoints. After all, the methodology has been handed to them on a silver platter, so all they need to do is find a victim.
Via: The Register