
CISA Removes Windows Vulnerability From 'Must-Patch' List Due to Buggy Update


Jasper_The_Rasper
Moderator

By Eduard Kovacs on May 16, 2022

 

The US Cybersecurity and Infrastructure Security Agency (CISA) has temporarily removed a Windows flaw from its Known Exploited Vulnerabilities Catalog after it was informed by Microsoft that a recent update can cause problems on some types of systems.

The vulnerability in question is CVE-2022-26925, which Microsoft describes as a Windows LSA spoofing vulnerability. The issue was addressed with the May 2022 Patch Tuesday updates and Microsoft warned at the time that the vulnerability has been publicly disclosed and exploited in attacks.

 


2 replies

russell.harris
Popular Voice

Ooops!


kleinmat4103
Popular Voice
  • May 16, 2022

This is so frustrating, and far from the first time this has happened. In this case I had a client contact me directly about patching this vulnerability ahead of our normal schedule. I explained why we don’t patch immediately, but pushed it through for him. And then, on cue, patch to fix vulnerable authentication process breaks all authentication.

 

ugh.