CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Merry Patching Christmas

admin by admin
December 21, 2022
in Information Security


Here’s an important update to make before you log off for the holidays.

For those of you that are on your way to take a break next week, we’ve got a bit of advice to avoid encountering some unnecessary scares during this time that you’ll be spending with your loved ones.

Put simply: If you’re running any version of Windows, please update it as soon as possible! There’s a new Windows remote code execution vulnerability affecting all Windows machines. Even though it’s not yet being exploited in the wild, it’s better to be safe than sorry. 

Looking back at WannaCry

Some of you probably remember the worst ransomware outbreak in history, WannaCry. In that case, the attack was also taking advantage of a remote code execution vulnerability. WannaCry affected the SMB protocol, while this new one (CVE-2022-37958) works in a broader range of network protocols, including SMTP and HTTP when SPNEGO web authentication is enabled.

Microsoft has a list with the different security updates covering from Windows 7 up to Windows 11. The update first appeared in September’s Patch Tuesday security updates and was deemed as “important”; however, after new information was discovered showing the attack potential of the vulnerability, it has been updated to “critical” by Microsoft with a severity rating of 8.1 (note that this is the same as EternalBlue, the exploit used by WannaCry).

While consumers usually have security updates on and applied by default, this isn’t the case for SMBs and bigger enterprises. This is due to the fact that a number of steps have to be taken in advance, such as ensuring compatibility with used applications. 

For SMBs and enterprises, the priority of patching this vulnerability must be increased, as all unpatched computers will be at risk if (when!) a new worm using this vulnerability is released.



Source link

Previous Post

Ingredientsofleadership

Next Post

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Raspberry Robin Worm Strikes Again, Targeting Telecom and Government Systems

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.