As technology continues to evolve, so too does the cyber-threat landscape. Keeping up with the latest security vulnerabilities is critical for security and technology teams. With the new year just around the corner, let’s look at some of the top security vulnerabilities organizations should be aware of from 2022.
Have a read and check for these vulnerabilities in your environment before these get picked up by threat actors (most were exploited in the wild, therefore, exploits exist) or by your penetration testing service provider.
Follina MSDT Bug (CVE-2022-30190)
This zero day flaw was identified in the built-in MS URL handlers (ms-msdt:) that would trigger the Microsoft Support Diagnostic Tool (MSDT) process used to run code on the target system. It named the vulnerability ‘Follina’ after the Italian city whose area code (0438) matched the numbers written on the malware sample file name(05-2022-0438.doc). This bug could be exploited even if Macros were turned off completely.
Workaround
Guess what? A fix is to remove the registry entry causing this to happen. Easy-peasy!
Log4Shell/Log4j (CVE-2021-44228)
This vulnerability from December 2021 ensured a busy start to 2022 for security teams. A zero-day vulnerability affected Log4j2 versions >= 2.0-beta9 and
Support the originator by clicking the read the rest link below.
