{"id":140119,"date":"2022-06-03T13:02:18","date_gmt":"2022-06-03T18:02:18","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/06\/an-actively-exploited-microsoft-zero-day-flaw-still-doesnt-have-a-patch"},"modified":"2022-06-03T13:02:18","modified_gmt":"2022-06-03T18:02:18","slug":"an-actively-exploited-microsoft-zero-day-flaw-still-doesnt-have-a-patch","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/06\/an-actively-exploited-microsoft-zero-day-flaw-still-doesnt-have-a-patch","title":{"rendered":"An Actively Exploited Microsoft Zero-Day Flaw Still Doesn\u2019t Have a Patch"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/an-actively-exploited-microsoft-zero-day-flaw-still-doesnt-have-a-patch2.jpg\"><\/a><\/p>\n<p>\u201cAfter public knowledge of the exploit grew, we began seeing an immediate response from a variety of attackers beginning to use it,\u201d says Tom Hegel, senior threat researcher at security firm SentinelOne. He adds that while attackers have primarily been observed exploiting the flaw through malicious documents thus far, researchers have discovered other methods as well, including the manipulation of HTML content in network traffic.<\/p>\n<p>\u201cWhile the malicious document approach is highly concerning, the less documented methods by which the exploit can be triggered are troubling until patched,\u201d Hegel says. \u201cI would expect opportunistic and targeted threat actors to use this vulnerability in a variety of ways when the option is available\u2014it\u2019s just too easy.\u201d<\/p>\n<p>The vulnerability is present in all supported versions of Windows and can be exploited through Microsoft Office 365, Office 2013 through 2019, Office 2021, and Office ProPlus. Microsoft\u2019s main proposed mitigation involves disabling a specific protocol within Support Diagnostic Tool and using Microsoft Defender Antivirus to monitor for and block exploitation.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u201cAfter public knowledge of the exploit grew, we began seeing an immediate response from a variety of attackers beginning to use it,\u201d says Tom Hegel, senior threat researcher at security firm SentinelOne. He adds that while attackers have primarily been observed exploiting the flaw through malicious documents thus far, researchers have discovered other methods as [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-140119","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/140119","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=140119"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/140119\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=140119"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=140119"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=140119"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}