Microsoft confirms 0Day attack targeting law firms, banks and strategy consultants
Microsoft has demonstrated the importance of applying security updates as soon as possible, with confirmation of how a zero-day vulnerability fixed in July’s Patch Tuesday deployment is being used in targeted attacks.
Regular viewers of the Straight-Talking Cyber video podcast, or readers of the combined efforts published on Forbes by the STC team, will know that we spend a lot of time talking about security patches and operating system updates. There is a very good reason the update-now message keeps appearing: threat actors of all flavors are looking for the users who don’t.
Microsoft says that CVE-2022-22047 needs to be fixed urgently
As I reported recently, nearly every version of Windows and Windows Server was vulnerable to attack using CVE-2022-22047, a 0-day security threat that Microsoft rated as “important” rather than critical.
I thought that a bit odd at the time, given the severity of the vulnerability and the fact that threat actors were targeting it before a patch was available. Mike Walters, co-founder of Action1, a cloud monitoring specialist, told me that CVE-2022-22047 “is critical because it is actively exploited in the wild,” adding that “exploiting this vulnerability gives an attacker SYSTEM privileges.”
The reason behind the “important” rating seems to be that the vulnerability can only be exploited locally, but ask most security professionals and they’ll tell you that using something like this as one link in a chain with other exploits is far from the realm of fantasy. In fact, the Cybersecurity and Infrastructure Security Agency (CISA) deemed the vulnerability worthy of being added to its Known Exploited Vulnerabilities catalog and, importantly, required US federal agencies to patch their systems by August 2 at the latest.
Law firms and banks are among the targets of the Subzero attack
Now Microsoft itself has confirmed just how seriously this 0Day should be taken, with news of threat actors spotted exploiting it. “We’ve seen attacks targeting law firms, banks and strategic consultancies in countries like Austria, the United Kingdom and Panama,” said Christine Goodwin, general manager of Microsoft’s digital security division.
The Microsoft Threat Intelligence Center (MSTIC) and Microsoft Security Response Center (MSRC) also warned that a private-sector offensive actor (PSOA) is using this and other Windows and Adobe 0-day exploits to deliver specially crafted malware named Subzero. The PSOA, which Microsoft tracks as Knotweed, is behind the development of the Subzero malware, Microsoft said.
Microsoft advises all Windows users to install the CVE-2022-22047 patch as soon as possible. Users of Microsoft Defender Antivirus should also ensure that it is updated to at least “security intelligence update 1.371.503.0”, and Excel’s macro settings should be configured to control macro execution. Multi-factor authentication (MFA) should be enabled to mitigate any potential credential compromise.
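A quick way for an administrator to check a Windows endpoint against the three local recommendations above, as an added example that is not from Microsoft or from the original article. It assumes the Defender PowerShell module is present and uses a placeholder for the KB number of the CVE-2022-22047 fix, which differs by Windows version and is not given on this page; the Excel policy keys assumed here are the standard Office 16.0 `VBAWarnings` and `blockcontentexecutionfrominternet` values.

```powershell
# Constructed checklist script: reports whether an endpoint meets the guidance
# in the article (patch installed, Defender signatures current, Excel macros
# restricted). Exit code is non-zero if any check fails.

# Placeholder: replace with the KB that carries the CVE-2022-22047 fix for this OS build.
$patchKb = 'KB<PLACEHOLDER>'
$minimumSignature = [version]'1.371.503.0'   # value quoted in the article

$failures = @()

# 1. Is the July update that fixes CVE-2022-22047 installed?
if (-not (Get-HotFix -Id $patchKb -ErrorAction SilentlyContinue)) {
    $failures += "Update $patchKb not found; install the CVE-2022-22047 fix."
}

# 2. Is the Defender security intelligence version at or above the stated minimum?
$status = Get-MpComputerStatus
$current = [version]$status.AntivirusSignatureVersion
if ($current -lt $minimumSignature) {
    $failures += "Defender signatures $current are older than $minimumSignature."
}

# 3. Are Excel macros restricted by policy? VBAWarnings 3 = signed only,
#    4 = all macros disabled; blockcontentexecutionfrominternet 1 = block
#    macros in files downloaded from the Internet (Mark of the Web).
$excelPolicy = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Excel\Security'
$vba = (Get-ItemProperty -Path $excelPolicy -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
$motw = (Get-ItemProperty -Path $excelPolicy -Name blockcontentexecutionfrominternet -ErrorAction SilentlyContinue).blockcontentexecutionfrominternet
if ($vba -notin 3, 4) {
    $failures += "Excel VBAWarnings is '$vba'; expected 3 (signed only) or 4 (disabled)."
}
if ($motw -ne 1) {
    $failures += "Excel does not block macros from Internet-sourced files."
}

if ($failures.Count -eq 0) {
    Write-Output 'All local CVE-2022-22047 mitigations are in place.'
    exit 0
}
$failures | ForEach-Object { Write-Warning $_ }
exit 1
```

MFA enforcement is an identity-provider setting rather than an endpoint one, so it is not checked here.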