Windows Zero-Day Vulnerabilities Have Been Hacked and Not Fully Fixed by Microsoft!Beware of Malicious Phishing Attacks- Free Electronic News 3C Technology

(Photo/Archyde.com)

Foreign mediaIlsoftwareAccording to reports, Microsoft released a routine security update patch for the Windows system in early November, patching a zero-day vulnerability numbered “CVE-2022-41091”. Before the vulnerability was patched, it had been hacked Launch a wave of large-scale phishing attacks to spread the Qbot malware to invade the computer device of the hacker. In addition to the possibility of malicious infection of the files and files in the device, there may even be threats of malicious ransomware Information security risk.

Although the patch file for this zero-day vulnerability has been released in Microsoft’s Windows cumulative update file in November, according to foreign ProxyLife security personnel, Microsoft has not completely fixed all the bugs of this vulnerability, resulting in some cases, Still will not automatically jump out of the security warning prompt. In addition to downloading the update files released in November as soon as possible, Windows users are urged to maintain a high degree of vigilance against unknown source URLs and file downloads contained in emails during the period before Microsoft releases specific information security patch files in December. alertness.

This wave of attacks using zero-day vulnerabilities to spread Qbot malware is mainly through email phishing campaigns, using URL links and attached files in emails, and adding a special attribute called “Mark of the Web” , so as to deceive the security trust of the Windows system, and secretly spread the Qbot malware without displaying the webpage security warning, and disguise it as an executable file such as “wermgr.exe” or “AtBroker.exe”, so that the victim Hackers mistakenly think they are safe archives when they are unaware.

Once the open button is clicked, the installation of the Qbot malware will be quietly run in the background. While successfully invading the computer device, it may not only cause the file files in the computer device to be maliciously infected and damaged, but also steal the victim’s electronic data. The email was used to launch another wave of phishing attacks. Take, for example, the recent Black Basta ransomware attack that has hit the web.

you may also want to see

Qatar World Cup Official 2 Apps Expose Information Security Risks!EU regulatory warning: mobile phone data will be collected

No need to smoke, no rush, now use the APP to watch the news and guarantee to win the lottery every dayClick me to download APP 
According to how I see activities



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.