{"id":12148,"date":"2022-12-09T06:03:09","date_gmt":"2022-12-09T13:03:09","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&#038;p=12148"},"modified":"2023-02-17T13:32:39","modified_gmt":"2023-02-17T20:32:39","slug":"dhs-cisa-kevs-weekly-edition-24-patch-before-you-hit-the-deadline","status":"publish","type":"patch_watch","link":"https:\/\/webdev.securin.xyz\/patch_watch\/dhs-cisa-kevs-weekly-edition-24-patch-before-you-hit-the-deadline\/","title":{"rendered":"DHS CISA KEVs Weekly Edition 24: Patch Before You Hit the Deadline"},"content":{"rendered":"<p dir=\"ltr\">Recently, hackers have actively been exploiting zero-day vulnerabilities. The CISA is much more proactive in adding such vulnerabilities to the KEV catalog and recommending that organizations patch them on priority. In this post, we shall analyze the CVEs that have been prioritized for patching on December 9, 2022.<\/p>\n<p><img decoding=\"async\" style=\"width: 750px; height: 410px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-24\/patchwatch-1.png\" alt=\"\" \/><\/p>\n<h2 dir=\"ltr\">Why are these CVEs important?<\/h2>\n<p dir=\"ltr\">From our analysis, we found that<\/p>\n<ul>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\">All 5 vulnerabilities are trending this month.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-november-21-2022-november-25-2022.html#BlackBasta%20Ransomware%20is%20Running%20QakBot%20Campaigns\">CVE-2022-41049<\/a> is the second Mark-of-the-Web vulnerability that was exploited along with CVE-2022-41049. This allows attackers to download and execute malicious files without issuing a warning to the user. This is exploited by several ransomware groups (LockBit, BlackBasta, Magniber).<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41073\">CVE-2022-41073<\/a> is a Microsoft Windows Print Spooler vulnerability which allows an attacker to gain root privileges.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-december-5-2022-december-9-2022.html#Internet%20Explorer%200-day%20Exploited%20by%20North%20Korean%20Actor%20APT37%20AKA%20ScarCruft\">CVE-2022-41128<\/a>, is a Microsoft Windows Scripting Languages vulnerability in the JScript9 scripting language which allows for remote code execution.<\/p>\n<\/li>\n<li dir=\"ltr\" aria-level=\"1\">\n<p dir=\"ltr\" role=\"presentation\"><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-41125\">CVE-2022-41125<\/a> is a ProxyNotShell vulnerability which is actively exploited in targeted attacks against at least 10 large organizations.<\/p>\n<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">How Far Back Do They Go?<\/h2>\n<p>All 5 vulnerabilities were recently discovered and are actively exploited by the LockBit ransomware group.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 392px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-24\/patchwatch-4.png\" alt=\"\" \/><\/p>\n<p>&nbsp;<\/p>\n<p dir=\"ltr\">CVE-2022-41128 is an Internet Explorer zero-day bug found in the browser\u2019s \u2018JScript9\u2019 JavaScript engine. It has been used in APT37 attacks since mid-November.<\/p>\n<p>&nbsp;<\/p>\n<h2 dir=\"ltr\">Which Vendors Are Affected?<\/h2>\n<p dir=\"ltr\">All these vulnerabilities are found in Microsoft. Microsoft products are widely used in most organizations and homes, making all of them a target. Several journalists and diplomats have been affected by the Mark-of-the-Web vulnerabilities denoting that even personal devices are not off-limits.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 367px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-24\/patchwatch-3.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">All Microsoft users must ensure that their devices are up-to-date on security patches to avoid being targeted by malicious actors.<\/p>\n<h2 dir=\"ltr\">Severity Scores<\/h2>\n<p>Three of these vulnerabilities are ranked high on the CVSS scale. These vulnerabilities impact 57 affected products in total and are commonly used.<\/p>\n<p><img decoding=\"async\" style=\"width: 550px; height: 417px;\" src=\"https:\/\/cybersecurityworks.com\/howdymanage\/uploads\/image\/patch-watch\/cisa\/dhs-24\/patchwatch-2.png\" alt=\"\" \/><\/p>\n<p dir=\"ltr\">CVE-2022-41125 and CVE-2022-41073 allow an attacker to gain system-level privileges.<\/p>\n<h2 dir=\"ltr\">Software Weaknesses<\/h2>\n<p>None of the CVEs have any CWEs associated with them.<\/p>\n<p>&nbsp;<\/p>\n<p><iframe class=\"airtable-embed\" style=\"background: transparent; border: 1px solid #ccc;\" src=\"https:\/\/airtable.com\/embed\/shrfPUegXQsW4ZIFE?backgroundColor=blue&amp;viewControls=on\" width=\"100%\" height=\"533\" frameborder=\"0\"><\/iframe><\/p>\n<p dir=\"ltr\" style=\"text-align: center;\"><strong>Table: DHS CISA KEVs<\/strong><\/p>\n<p dir=\"ltr\"><strong>We urge organizations to implement patches for these CVEs at the earliest. With CSW\u2019s threat-based approach and vulnerability intelligence, security teams can prioritize the threats, including all KEVs, and minimize their attack surface.<\/strong><\/p>\n<p dir=\"ltr\">For the latest news regarding vulnerabilities that are exploited and critical threats, read our blog on <a href=\"https:\/\/cybersecurityworks.com\/blog\/cyber-risk\/csws-threat-intelligence-december-5-2022-december-9-2022.html\">Weekly Threat Intelligence<\/a>.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, hackers have actively been exploiting zero-day vulnerabilities. The CISA is much more proactive in adding such vulnerabilities to the KEV catalog and recommending that organizations patch them on priority. In this post, we shall analyze the CVEs that have been prioritized for patching on December 9, 2022. Why are these CVEs important? From our [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":14436,"parent":0,"menu_order":0,"template":"","meta":{"content-type":""},"patch_category":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch\/12148"}],"collection":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_watch"}],"about":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/types\/patch_watch"}],"author":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/users\/1"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media\/14436"}],"wp:attachment":[{"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/media?parent=12148"}],"wp:term":[{"taxonomy":"patch_category","embeddable":true,"href":"https:\/\/webdev.securin.xyz\/wp-json\/wp\/v2\/patch_category?post=12148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}