Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities

admin by admin
December 17, 2022
in Ethical Hackers


Dec 17, 2022Ravie LakshmananServer Security / Network Security

Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems.

The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022.

Samba is an open source Windows interoperability suite for Linux, Unix, and macOS operating systems that offers file server, printing, and Active Directory services.

CyberSecurity

A brief description of each of the weaknesses is below –

  • CVE-2022-38023 (CVSS score: 8.1) – Use of weak RC4-HMAC Kerberos encryption type in the NetLogon Secure Channel
  • CVE-2022-37966 (CVSS score: 8.1) – An elevation of privilege vulnerability in Windows Kerberos RC4-HMAC
  • CVE-2022-37967 (CVSS score: 7.2) – An elevation of privilege vulnerability in Windows Kerberos
  • CVE-2022-45141 (CVSS score: 8.1) – Use of RC4-HMAC encryption when issuing Kerberos tickets in Samba Active Directory domain controller (AD DC) using Heimdal

It’s worth noting that both CVE-2022-37966 and CVE-2022-37967, which enable an adversary to gain administrator privileges, were first disclosed by Microsoft as part of its November 2022 Patch Tuesday updates.

“An unauthenticated attacker could conduct an attack that could leverage cryptographic protocol vulnerabilities in RFC 4757 (Kerberos encryption type RC4-HMAC-MD5) and MS-PAC (Privilege Attribute Certificate Data Structure specification) to bypass security features in a Windows AD environment,” the company said of CVE-2022-37966.

The patches also come as the U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week published 41 Industrial Control Systems (ICS) advisories pertaining to various flaws impacting Siemens and Prosys OPC products.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Azure Data Exporter For BloodHound

Next Post

How to watch Litvinenko Season 1 online

Next Post

How to watch Litvinenko Season 1 online

Recommended

Linux Kernel Runtime Integrity With eBPF

3 weeks ago

15件以上のロマンス詐欺統計

2 weeks ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.