
Federal Agency Warns Millions of Microsoft Users to Update Settings

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued more alerts related to security vulnerabilities exploited in attacks targeting Microsoft Windows, Adobe products, and Mozilla software.

The fresh alerts come alongside a CISA alert that was sent out for administrators and users to update Apple products, including iPhones that use iOS software.

“Microsoft has released updates to address multiple vulnerabilities in Microsoft software,” it says. “An attacker can exploit some of these vulnerabilities to take control of an affected system.” A similar bulletin was released for Mozilla and Adobe.

CISA, which is operated by the Department of Homeland Security, said it advises users to review Microsoft’s February 2023 Security Update Guide and Deployment Information and “apply the necessary updates.”

According to Microsoft, it is patching three previously exploited vulnerabilities: CVE-2023-21715, CVE-2023-23376, and CVE-2023-21823. The February 2023 patch fixes those, the company says.

“The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer,” Microsoft says.

One of the bugs, according to security expert Dustin Childs with Trend Micro, is likely being used “to spread malware or ransomware … considering this was discovered by Microsoft’s Threat Intelligence Center (aka MSTIC), it could mean it was used by advanced threat actors. Either way, make sure you test and roll these fixes quickly.”

Microsoft says that impacted customers will receive automatic updates. Those who have disabled automatic updates can get them via the Microsoft Store by going to Library, then Get updates, and then clicking Update all. Windows 10 users can also head to the Settings menu, go to the Update & Security section, and click on the update, which generally requires a restart.

For Adobe, CISA advises users to enable updates for After Effects, Connect, FrameMaker, Bridge, Photoshop, InDesign, Premiere Rush, Animate, and Substance 3D Stager. Several of these patches are rated “critical” in severity, including those for the often-used Adobe Photoshop and Adobe InDesign.

“Probably the most interesting fix is for PhotoShop. This patch fixes five bugs, three of which are rated Critical. An attacker could get arbitrary code execution if they can convince a user on an affected system to open a malicious file,” Childs wrote in a blog post. “This is the same scenario for Premier Rush, which corrects two Critical-rated code execution bugs.”

Mozilla, meanwhile, also released security updates to address vulnerabilities in Firefox 110, according to CISA. The agency advises users and administrators to review Mozilla’s security advisories for Firefox 110 and Firefox ESR 102.8.

CISA also called on users to update their Apple iPhones, MacBooks, and other products due to similar vulnerabilities. Apple’s updates include iOS 16.3.1, iPadOS 16.3.1, and macOS Ventura 13.2.1, while the firm is rolling out Safari 16.3.1 to older Apple operating systems, including macOS Big Sur and macOS Monterey.

“Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to take control of an affected device,” CISA said.

The release includes updates for Safari 16.3.1, iOS 16.3.1 and iPadOS 16.3.1, and macOS 13.2.1, according to the notice. On Apple’s website, the firm says one fix is warranted because “an app may be able to execute arbitrary code with kernel privileges,” and another because “processing maliciously crafted web content may lead to arbitrary code execution.”
