Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925)

10 May 2022

May 2022 Patch Tuesday is here, and Microsoft has marked it by releasing fixes for 74 CVE-numbered vulnerabilities, including one zero-day under active attack (CVE-2022-26925) and two publicly known vulnerabilities (CVE-2022-29972 and CVE-2022-22713). Vulnerabilities of particular note First and foremost, we have CVE-2022-26925, an “important” spoofing vulnerability in Windows Local Security Authority (LSA) that may turn into a “critical” one if combined with NTLM relay attacks.

Read full article on Help Net Security

Date:

10 May 2022

Categorie(s):

NEWS

Tag(s):

IT, Microsoft, News, Patch Tuesday, Security Pro

1,200+ Vulnerabilities Detected In Microsoft Products In 202329 April 2024
A week in security (April 22 – April 28)29 April 2024
Okta Warns of Credential Stuffing Attacks Using Proxy Services29 April 2024
Android Malware Brokewell With Complete Device Takeover Capabilities29 April 2024
Fileless .NET Based Code Injection Attack Delivers AgentTesla Malware29 April 2024