Microsoft Windows Security Warning As Multiple 0Days Used In Attacks On Business Users – Forbes

Microsoft confirms 0Day attack targeting law firms, banks and strategic consultancies

Microsoft has demonstrated how important it is to apply security updates as soon as possible, with confirmation of how a zero-day vulnerability fixed in the July ‘Patch Tuesday’ rollout is being used in targeted attacks.

Regular viewers of the Straight-Talking Cyber video podcast, or readers of the combined efforts published at Forbes by the STC team, will be aware that we spend a lot of time talking about security patches and operating system updates. There’s a very good reason driving the ‘update now’ message: threat actors of all flavors are looking for those users who don’t.

Microsoft says CVE-2022-22047 needs to be patched as a matter of urgency

As I reported recently, almost every version of Windows and Windows Server was vulnerable to being attacked using CVE-2022-22047, a 0Day security threat that Microsoft rated as being ‘important’ rather than critical.

At the time I thought this was somewhat odd, given the seriousness of the vulnerability and the fact threat actors were known to be targeting it before the system patch was made available. At the time, Mike Walters, co-founder of Action1, a cloud-based monitoring specialist, told me that CVE-2022-22047 “is critical because it is actively exploited in the wild,” adding “use of this vulnerability gives an attacker SYSTEM privileges.”

The reasoning behind the ‘important’ rating would appear to be that it could only be executed locally, but ask almost any security professional and they will tell you that including something like this as part of a chained attack with other exploits is far from being in the realm of fantasy. Indeed, even the Cybersecurity & Infrastructure Security Agency (CISA) thought the vulnerability worthy of adding to the Known Exploited Vulnerabilities Catalog and, importantly, mandating U.S. federal agencies to patch their systems by 2 August at the latest.

Law firms and banks amongst those being targeted by Subzero attack

Now Microsoft itself has confirmed just how seriously this 0Day needs to be taken, with news of how threat actors have been seen exploiting it. “We observed attacks targeting law firms, banks, and strategic consultancies in countries such as Austria, the United Kingdom, and Panama,” Cristin Goodwin, the general manager at Microsoft’s Digital Security Unit, said.

The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) have also warned that a private-sector offensive actor (PSOA) was using this, and other Windows and Adobe 0-day exploits, in an attack using specially crafted malware named Subzero. The PSOA, given a tracking label of Knotweed, was behind the development of the Subzero malware, Microsoft stated.

Microsoft advises all Windows users to …….

Source: https://www.forbes.com/sites/daveywinder/2022/07/28/microsoft-confirms-windows-users-targeted-by-0day-hack-attack/
