"Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited"

Microsoft recently released critical software updates to fix at least 73 documented security flaws in the Windows ecosystem and warned that unknown attackers are already launching zero-day man-in-the-middle attacks. The zero-day, flagged as CVE-2022-26925, is described by researchers as a Windows LSA spoofing vulnerability that provides a path for attackers to authenticate to domain controllers. Microsoft warned that an unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. Microsoft noted that attackers must first inject themselves into the logical network path between the target and the resource requested by the victim in order to read or modify network communications.

Although the attack scenario is complex, the researchers urged organizations not to downplay the risk. The flaw is rated as important and was assigned a CVSSv3 score of 8.1. If this vulnerability is chained with other NTLM relay attacks like PetitPotam, the CVSSv3 score would increase to 9.8, elevating the severity of this flaw to critical. Microsoft noted that the new security update detects anonymous connection attempts in LSARPC and disallows them. As is customary, Microsoft did not provide any additional details on the exploits seen in the wild or any IOCs (indicators of compromise) to help defenders hunt for signs of compromise.

 

SecurityWeek reports: "Patch Tuesday: Microsoft Warns of New Zero-Day Being Exploited"

Submitted by Anonymous on