A remote code execution vulnerability in Windows’ Internet Information Services (IIS) component.
Microsoft's January 2022 Patch Tuesday contains updates on 97 security vulnerabilities, one of which is CVE-2022-21907 rated with 9.8 and can lead to a remote code execution. Learn More »
Common Vulnerabilities and Exposures
Background
As reported by Microsoft - during the January 2022 security update cycle - a patch was released for vulnerabilities CVE-2022-21907. That is a critical bug on HTTP Protocol Stack that can lead to a remote code execution without any user interaction or privelege required.
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
On January 11, the Microsoft security update was published at:
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jan
And, a cybersecurity news site ThreatPost published a follow-up article at:
https://threatpost.com/microsoft-wormable-critical-rce-bug-zero-day/177564
On January 12, FortiGuard Labs published a threat signal report:
https://www.fortiguard.com/threat-signal-report/4372
FortiGuard Labs is actively monitoring for detections in the wild. Refer the table below for the latest Security Fabric protections available
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
Vulnerability
-
IPS
-
Web App Security
-
Application Firewall
-
Outbreak Detection
-
Threat Hunting
-
Assisted Response Services
-
Automated Response
-
InfoSec Services
-
Attack Surface Monitoring (Inside & Outside)
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
References
Sources of information in support and relation to this Outbreak and vendor.