MA-864.092022: MyCERT Advisory - Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager
1.0 Introduction
Recently, Microsoft released a security update to address a vulnerability in Microsoft Endpoint Configuration Manager, versions 2103-2207.
2.0 Impact
An attacker could exploit this vulnerability to obtain sensitive information.
3.0 Affected Products
The affected Microsoft product is:
• Microsoft Endpoint Configuration Manager
4.0 Recommendations
Users and administrators to review Microsoft’s Security Advisory for CVE-2022-37972 and apply the necessary updates. Kindly refer to the following URL:
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/21/microsoft-releases-out-band-security-update-microsoft-endpoint
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
MA-861.092022: MyCERT Advisory - Microsoft Releases September 2022 Security Updates
1.0 Introduction
Recently, Microsoft has released updates to address multiple vulnerabilities in Microsoft software packaged in their September 2022 Security Updates package. This month’s security update notification presents 104 newly reported vulnerabilities.
2.0 Impact
An attacker could exploit some of these vulnerabilities to take control of an affected device.
3.0 Affected Products
The affected Microsoft products are:
• SharePoint Enterprise Server 2016
• SharePoint Foundation 2013
• SharePoint Server 2019
• SharePoint Server 2019
• SharePoint Foundation 2013
• SharePoint Enterprise Server 2016
• SharePoint Server Subscription Edition Language Pack
• SharePoint Server Subscription Edition Core
• Windows 10, version 1607, Windows Server 2016
• Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
• Windows Server 2019
• Windows Server 2022
• Windows 10
• Windows 11
• Windows Server 2008 (Monthly Rollup)
• Windows 7, Windows Server 2008 R2 (Monthly Rollup)
• Windows 8.1, Windows Server 2012 R2 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
• Windows Server 2012 (Monthly Rollup)
• Windows Server 2008 (Security-only update)
• Windows 7, Windows Server 2008 R2 (Security-only update)
• Windows Server 2012 (Security-only update)
4.0 Recommendations
Users and administrators to review Microsoft’s September 2022 Security Update Guide and Deployment Information and apply the necessary updates. Kindly refer to the following URLs:
• https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
• https://msrc.microsoft.com/update-guide/deployments
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/09/13/microsoft-releases-september-2022-security-updates
• https://msrc.microsoft.com/update-guide/releaseNote/2022-Sep
• https://msrc.microsoft.com/update-guide/deployments
MA-845.072022: MyCERT Alert - Large-scale Phishing Campaign Bypasses MFA
1.0 Introduction
Microsoft recently disclosed that since September 2021, a large-scale phishing campaign has targeted over 10,000 organisations by hijacking Office 365's authentication process, even on accounts secured with multi-factor authentication (MFA). The phishing campaign employs proxy sites that act as an adversary-in-the-middle (AiTM) to circumvent MFA features and steal credentials, which are then used to conduct subsequent business email compromise (BEC) campaigns against other targets. Figure 1 depicts a high-level overview of the AiTM phishing campaign and subsequent BEC.
Figure 1: An overview of the AiTM phishing campaign and subsequent BEC [1]
With AiTM phishing, cybercriminals place a proxy server between the targeted user and the website they're trying to visit, enabling the cybercriminal to intercept and steal the user's password and session cookie, which are implemented by web services after initial authentication so that the user doesn't have to keep authenticating as they move through the site during the session. Through the stolen session cookie, the attacker gets access to the session via the user. Once the attacker has the stolen credentials and session cookies, they can access the victim's email boxes and run a BEC campaign, in this case payment fraud.
2.0 Recommendations
Listed below are some recommendations for users as preventive measures and mitigation steps against these attacks:
- Be vigilant about phishing attempts. Always be wary of suspicious emails and verify before clicking any links or downloading any attachments, especially if the email comes from an unfamiliar sender.
- Verify a link in an email/SMS by checking the domain name of the site, as it is an indicator of whether the site is legitimate. Users can hover their mouse over the link to ensure that they are being directed to the Uniform Resource Locator (URL) stated.
- Enable conditional access policies. Conditional access policies are evaluated and enforced every time an attacker attempts to use a stolen session cookie. Organizations can protect themselves from attacks that leverage stolen credentials by enabling policies such as compliant devices or trusted IP address requirements.
- Invest in advanced anti-phishing solutions that monitor and scan incoming emails and visited websites. For example, organizations can leverage web browsers that can automatically identify and block malicious websites, including those used in this phishing campaign.
- Continuously monitor for suspicious or anomalous activities:
- Hunt for sign-in attempts with suspicious characteristics (for example, location, ISP, user agent, use of anonymizer services).
- Hunt for unusual mailbox activities such as the creation of Inbox rules with suspicious purposes or unusual amounts of mail item access events by untrusted IP addresses or devices.
- Report security incidents to relevant authorities or to CERTs/CSIRTs in your constituency for immediate remediation and mitigations.
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
3.0 References
MA-844.072022: MyCERT Advisory - Microsoft July 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month's security update notification contains 84 newly reported vulnerabilities spanning multiple product categories, including a zero-day vulnerability that is actively being exploited in the wild, of which 80 have been rated critical and the remaining as important. Also separately resolved by Microsoft are two other bugs in the Chromium-based Edge browser, one of which plugs another zero-day flaw that Google disclosed as being actively exploited in real-world attacks.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
• Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
• Windows 10, version 1809, Windows Server 2019
• Windows 11
• Windows Server 2022
• Windows 7, Windows Server 2008 R2 (Monthly Rollup)
• Windows 7, Windows Server 2008 R2 (Security-only update)
• Windows Server 2012 (Monthly Rollup)
• Windows Server 2008 (Monthly Rollup)
• Windows Server 2008 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
• Windows Server 2012 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Security-only update)
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
1) https://www.cisa.gov/uscert/ncas/current-activity/2022/07/12/microsoft-releases-july-2022-security-updates
2) https://msrc.microsoft.com/update-guide/deployments
3) https://msrc.microsoft.com/update-guide/releaseNote/2022-Jul
4) https://thehackernews.com/2022/07/microsoft-releases-fix-for-zero-day.html?m=1
MA-839.062022: MyCERT Advisory - Microsoft Releases Workaround Guidance for MSDT Follina Vulnerability
1.0 Introduction
Microsoft has released workaround guidance to address a remote code execution (RCE) vulnerability (CVE-2022-30190), dubbed as "Follina" that affecting the Microsoft Support Diagnostic Tool (MSDT) in Windows. According to Microsoft, CVE-2022-30190 is a remote code execution vulnerability that exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights.
2.0 Impact
A remote, unauthenticated attacker could exploit this vulnerability to take control of an affected system.
3.0 Affected Products
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows RT 8.1
Windows 8.1 for x64-based systems
Windows 8.1 for 32-bit systems
Windows 7 for x64-based Systems Service Pack 1
Windows 7 for 32-bit Systems Service Pack 1
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows 11 for ARM64-based Systems
Windows 11 for x64-based Systems
Windows Server, version 20H2 (Server Core Installation)
Windows 10 Version 20H2 for ARM64-based Systems
Windows 10 Version 20H2 for 32-bit Systems
Windows 10 Version 20H2 for x64-based Systems
Windows Server 2022 Azure Edition Core Hotpatch
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 21H1 for 32-bit Systems
Windows 10 Version 21H1 for ARM64-based Systems
Windows 10 Version 21H1 for x64-based Systems
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
4.0 Recommendations
MyCERT strongly urges users and administrators to review Microsoft's Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability and apply the necessary workaround until a patch is issued to fix the problem. Kindly refer to the below URL:
• https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/05/31/microsoft-releases-workaround-guidance-msdt-follina-vulnerability
• https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
• https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-30190
• https://unit42.paloaltonetworks.com/cve-2022-30190-msdt-code-execution-vulnerability/
• https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
• https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
• https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
MA-835.052022: MyCERT Advisory - Microsoft May 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 14 newly reported vulnerabilities.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
• New Exchange Server Security Update and Hotfix Packaging
• Windows 10, version 1809, Windows Server 2019
• Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
• Windows 11
• Windows Server 2022
• Windows 10, version 1607, Windows Server 2016
• Windows 7, Windows Server 2008 R2 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Security-only update)
• Windows Server 2008 (Security-only update)
• Windows Server 2008 (Monthly Rollup)
• Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
• Windows 7, Windows Server 2008 R2 (Monthly Rollup)
• Windows Server 2012 (Monthly Rollup)
• Windows Server 2012 (Security-only update)
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-May
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/05/11/microsoft-releases-may-2022-security-updates
• https://msrc.microsoft.com/update-guide/deployments
• https://msrc.microsoft.com/update-guide/releaseNote/2022-May
MA-833.052022: MyCERT Advisory - Microsoft Releases Advisory to Address Vulnerability in Azure Data Factory and Azure Synapse pipelines [CVE-2022-29972]
1.0 Introduction
Microsoft has released an advisory to address CVE-2022-29972, a security flaw affecting Azure Synapse and Azure Data Factory pipelines that could let attackers execute remote commands across Integration Runtime (IR) infrastructure. IR compute infrastructure is used by Azure Synapse and Azure Data Factory pipelines to provide data integration capabilities across network environments (e.g., data flow, activity dispatch, SQL Server Integration Services (SSIS) package execution). The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory IR and did not impact Azure Synapse as whole.
2.0 Impact
Exploitation of some of these vulnerabilities may allow an attacker to perform remote command execution across IR infrastructure not limited to a single tenant.
3.0 Affected Products
Third-party Open Database Connectivity (ODBC) driver used to connect to Amazon Redshift in Azure Synapse pipelines and Azure Data Factory Integration Runtime (IR).
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform the necessary update. Kindly refer to the below URL:
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
• https://www.bleepingcomputer.com/news/security/microsoft-releases-fixes-for-azure-flaw-allowing-rce-attacks/
• https://aka.ms/SynapsePipelinesUpdate
• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29972
• https://insightsoftware.com/trust/security/advisories/redshift-and-athena-driver-vulnerability/
• https://msrc.microsoft.com/update-guide/vulnerability/ADV220001
MA-831.042022: MyCERT Advisory - Microsoft April 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 16 newly reported vulnerabilities.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
• Windows 10, version 1909
• Windows 11
• Windows 10, version 1607, Windows Server 2016
• Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
• Windows Server 2022
• Windows 7, Windows Server 2008 R2 (Monthly Rollup)
• Windows Server 2008 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Security-only update)
• Windows 10, version 1809
• Windows 7, Windows Server 2008 R2 (Security-only update)
• Windows Server 2012 (Monthly Rollup)
• Windows 10
• Windows Server 2008 (Monthly Rollup)
• Windows Server 2012 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
• SharePoint Server Subscription Edition
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
• https://www.cisa.gov/uscert/ncas/current-activity/2022/04/12/microsoft-releases-april-2022-security-updates
• https://msrc.microsoft.com/update-guide/deployments
• https://msrc.microsoft.com/update-guide/releaseNote/2022-Apr
MA-828.042022: MyCERT Advisory - Microsoft March 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 14 newly reported vulnerabilities.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
- Microsoft Exchange Server 2013
- Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
- Windows 10, version 1607, Windows Server 2016
- Windows Server 2022
- Windows 10, version 1809, Windows Server 2019
- Windows Server 2008 (Security-only update)
- Windows Server 2012 (Security-only update)
- Windows 7, Windows Server 2008 R2 (Security-only update)
- Windows Server 2008 (Monthly Rollup)
- Windows Server 2012 (Monthly Rollup)
- Windows 7, Windows Server 2008 R2 (Monthly Rollup)
- Windows 8.1, Windows Server 2012 R2 (Security-only update)
- Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
- Microsoft Exchange Server 2016, 2019
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Mar
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
MA-827.032022: MyCERT Advisory - Microsoft February 2022 Security Updates
1.0 Introduction
Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month’s security update notification presents 14 newly reported vulnerabilities, where none have been rated Critical while the remaining classified as Important.
2.0 Impact
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
Windows 10, version 1809, Windows Server 2019
Windows Server 2022
Windows Server 2008 (Monthly Rollup)
Windows Server 2012 (Monthly Rollup)
Windows 8.1, Windows Server 2012 R2 (Security-only update)
Windows Server 2008 (Security-only update)
Windows 7, Windows Server 2008 R2 (Monthly Rollup)
Windows Server 2012 (Security-only update)
Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
Windows 7, Windows Server 2008 R2 (Security-only update)
SharePoint Server 2019
4.0 Recommendations
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/08/microsoft-releases-february-2022-security-updates
https://msrc.microsoft.com/update-guide/deployments
https://msrc.microsoft.com/update-guide/releaseNote/2022-Feb