Update Windows now to fix this vulnerability under attack

Cybersecurity is a never-ending battle, but this week Microsoft offers its users a few more weapons. The latest Patch Tuesday update, available now for both Windows 10 and 11, fixes a zero-day vulnerability that is being actively exploited in the wild. Your machine may have already been updated; if not, apply the December 13 patch via Windows Update ASAP (Start > Settings > Update & Security > Windows Update).

According to Computer that plays, the zero-day vulnerability allowed attacks via JavaScript files that could bypass standard Windows security warnings for downloading executable files. This in turn would allow an attacker to evade the Microsoft Office Protected View system. The attack would be based on basic phishing techniques, requiring the user to open a specific file or access an infected website, after which Magniber ransomware can be installed and encrypt the user’s files remotely.

Various security researchers have observed this vector being used to install malware over the web via the JavaScript vulnerability, so this is an active threat. The campaigns specifically targeted email data for banks and other financial institutions to use in follow-up attacks. The problem addressed is labeled “CVE-2022-44698” in the Microsoft bug tracking system. CVE-2022-44710, another zero-day issue which is not known to be a threat in the wild, has also been fixed.