Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware

[Gandalf_The_Grey]

Content source

https://www.neowin.net/news/microsoft-acknowledges-many-windows-11-windows-10-whql-drivers-were-actually-malware/

Earlier today, Microsoft released its Patch Tuesday updates for Windows 10 (KB5028166) and Windows 11(KB5028185). The company announced separately about the new Dynamic SafeOS updates meant for hardening the security mitigations put in place against Secure Boot vulnerabilities.

Alongside changes made to its Secure Boot DBX, Microsoft also added several malicious drivers to its Windows Driver.STL revocation list. Microsoft was informed of these vulnerable drivers by security research firms Cisco Talos, Sophos, and Trend Micro.

On a dedicated security advisory ADV230001, Microsoft explains the issue (CVE-2023-32046) which was a result of maliciously signed WHQL drivers.

Microsoft has added all such drivers to the Vulnerable Driver Blocklist with Windows Security updates (Microsoft Defender 1.391.3822.0 and newer).

Microsoft acknowledges many Windows 11, Windows 10 WHQL drivers were actually malware

Microsoft released its latest July Patch Tuesday updates earlier today. The company added a revocation list featuring multiple WHQL-signed Windows drivers that were actually malware.

www.neowin.net

 

[Ink]

List of malicious drivers courtesy of Sophos

IoCs/maldrivers_release_2.csv at master · sophoslabs/IoCs

Sophos-originated indicators-of-compromise from published reports - IoCs/maldrivers_release_2.csv at master · sophoslabs/IoCs

github.com

 

[Sammo]

Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks​

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.

 

[Gandalf_The_Grey]

Dangerous vulnerabilities in Microsoft are being exploited in attacks – SaaSNews English

Dangerous vulnerabilities in Microsoft are being exploited in attacks​

Update your operating system and follow Microsoft’s instructions to stay safe.


Microsoft has released its July 2023 security updates, addressing 132 vulnerabilities across various products. Among these are 37 remote code execution vulnerabilities. Six of the flaws are already being actively exploited in the wild; one of them requires additional actions from the user besides installing the patch.

The vulnerabilities impact Windows, Office, Outlook, and other Microsoft software products. If exploited, the most severe ones could allow attackers to elevate their privileges and remotely run malicious code on affected systems.

For one of the actively exploited vulnerabilities addressed in the update – CVE-2023-36884 – Microsoft hasn’t provided a patch. Instead, users are advised to add Microsoft Office executables to the FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION registry key. For instructions, see the Microsoft update guide. Besides following the instructions, be sure to install the latest update as soon as possible. For details, see the Microsoft Support pages for Windows, Office, and Outlook.

That is this one:

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. Unauthenticated attackers can exploit the vulnerability (tracked as CVE-2023-36884) in high-complexity attacks...

malwaretips.com