Microsoft November 2022 Patch Tuesday Fixes 6 Zero-Days
Read also: Medibank refuses to pay ransom after a data leak, the US seizes over 50K bitcoin stolen from Silk Road, and more.
Microsoft rolls out a long-awaited fix for ProxyNotShell bugs actively exploited for several months
Microsoft has issued its monthly batch of security updates that fix more than 60 vulnerabilities in Windows, OS components, and other software. Most importantly, the November 2022 Patch Tuesday includes belated fixes for a couple of high-severity Microsoft Exchange zero-day flaws known as ProxyNotShell that have been exploited by state-backed hackers in targeted attacks since at least September 2022.
In addition to ProxyNotShell, this month’s Patch Tuesday addresses four other zero-day vulnerabilities: CVE-2022-41125 (privilege escalation in the Windows CNG Key Isolation Service), CVE-2022-41073 (privilege escalation in Windows Print Spooler), CVE-2022-41091 (security feature bypass in Microsoft Windows Mark of the Web), and CVE-2022-41128 (a Windows Scripting Languages remote code execution bug).
Medibank refuses to pay ransom to hackers behind October data breach
Australia’s top health insurer Medibank said it doesn’t plan to pay a ransom to cybercriminals responsible for the massive data breach that impacted 9.7 million current and former customers. The attack was attributed to a ransomware gang called “BlogXX” believed to be linked to the now-defunct REvil cybercrime syndicate.
The company explained that it believes there is only a limited chance that paying the ransom would ensure the return of the customer data and prevent it from being released. Following Medibank’s announcement, the ransomware group leaked files on a dark web forum containing customer data believed to be stolen from the insurer’s systems, including personal and health information.
Experts estimate that this data breach could cost Medibank $450 million if customers decide to sue for damages.
US seizes over 50K bitcoin worth billions stolen from Silk Road
The US government announced it had obtained more than 50,000 bitcoin stolen from the now-defunct Silk Road dark web marketplace in 2012, in what appears to be one of the largest cryptocurrency seizures to date.
According to the US Department of Justice, the authorities seized the stolen cryptocurrency (then valued at $3.36 billion) in November 2021 while searching the house of James Zhong, a real estate agent who pleaded guilty on November 4, 2022 to committing wire fraud in September 2012, when he unlawfully obtained the cryptocurrency from Silk Road. This criminal offence carries a maximum sentence of 20 years in prison.
15K websites compromised in a major Google SEO poisoning campaign
A massive black hat search engine optimization (SEO) campaign has been detected that compromised nearly 15,000 websites (most of them WordPress sites) in order to redirect users to fake, low-quality Q&A discussion forums.
Each hacked website was found to contain thousands of infected files used as part of the spam campaign. The goal of the attack, which has been ongoing since September 2022, is to increase the authority of spam domains in the eyes of search engines so that they rank higher in search results. While the researchers have not observed malicious activity related to these sites so far, they theorize that the compromised sites could be used as malware droppers or phishing sites in the future, or as part of an ad fraud scheme.
Microsoft warns of worrying rise in nation state cyber activity
Microsoft said it observed a ‘disturbing’ rise in aggressive nation state cyber-attacks, noting that threat actors’ targeting spanned the globe this past year, with a particularly heavy focus on organizations in the US and UK followed by organizations in Israel, the UAE, Canada, Germany, India, Switzerland, and Japan.
Between July 2021 and June 2022, the share of cyber-attacks carried out by nation state actors increased from 20% to 40%, largely due to the Russia-Ukraine conflict. Microsoft notes that Iranian threat actors have been particularly aggressive following a transition of presidential power in the past year, while North Korean hackers continued to conduct operations to obtain cryptocurrency. At the same time, China’s state-backed hacker groups have been observed stockpiling zero-day flaws to use in malware attacks, taking advantage of China’s vulnerability reporting law, which requires all Chinese security researchers to report new vulnerabilities they find to a state security authority.