MS-ISAC Cyber Security Advisory Issued: “Multiple vulnerabilities have been discovered in Microsoft products”
The Perfect Cup: ‘Good’ Coffee with a Cause – Green Mountain Energy Company
February 7, 2022
ACORE Comments on OCC Principles for Climate-Related Financial Risk Management for Large Banks
February 14, 2022
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Recommendations
- Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.
- Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.
- Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.
