CVE-2022-37969

In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, sup...

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Plus: Nasty no-auth RCE in TCP/IP stack, and many more updates

Patch Tuesday September's Patch Tuesday is here and it brings, among other things, fixes from Microsoft for one security bug that miscreants have used to fully take over Windows systems along with details of a second vulnerability that, while not yet under attack, has already been publicly disclosed. In total, Redmond patched or addressed 62 security flaws today. This batch includes five "critical" remote code execution (RCE) vulnerabilities, and Microsoft ranked the rest as "important." The bug...