SecurityWeek reports that Microsoft has patched a security flaw in its Endpoint Configuration Manager solution, as part of an out-of-band update.
Threat actors could exploit the medium-severity spoofing vulnerability, tracked as CVE-2022-37972, to facilitate lateral network movement and ransomware attacks. While there has been no indication of abuse, the flaw has been publicly disclosed, according to Microsoft.
The bug, which was first identified by Trimarc Security researcher Brandon Colley, could be leveraged by attackers with admin privileges to secure hashed credentials on all configured push accounts.
Moreover, settings that allow connection fallback to the NTLM authentication protocol could help enable lateral movement and ransomware attacks, but such concerns pertaining to NTLM have been addressed with the update, Colley said.
"Prior to this patch, it was possible for an attacker to bypass the NTLM connection fallback setting which was previously thought to have prevented the type of attack in my July blog," added Colley.
CyberScoop reports that millions of files that may have sensitive information have been exposed by 314,000 internet-connected devices and servers with open directory listings, indicating potential significant exploitation.
Nearly 12,000 internet-facing Juniper firewall devices were discovered by VulnCheck to be impacted by a new medium-severity remote code execution vulnerability, which could be exploited to facilitate the execution of arbitrary code without the need to create a file, The Hacker News reports.