Windows 10 and Windows 11 users, it’s time to take action. Microsoft has confirmed multiple new vulnerabilities in its operating systems, including several which it admits are already known to hackers.
MORE FROM FORBESHow To Upgrade To Windows 11 For ‘Free’ In 2022By Gordon Kelly
Microsoft disclosed the news as part of a massive March 2022 ‘Patch Tuesday’ update, which revealed a total of 71 new flaws. Three of these are ‘zero day’ hacks, which means the vulnerabilities have become public knowledge before Microsoft was able to patch them. Windows 8, Windows 10 and Windows 11 as well as Windows Server 2019 and 2022 are all affected.
In line with protocol, Microsoft is restricting information about all the new exploits to try and buy Windows users time to upgrade. I have highlighted the three zero days below, as well as the danger level Microsoft assigned to them (out of 10) using the Common Vulnerability Scoring System (CVSS).
- Important – CVE-2022-21990 (CVSS 8.8): Remote Desktop Client Remote Code Execution Vulnerability
- Important – CVE-2022-24459 (CVSS 7.8): Windows Fax and Scan Service Elevation of Privilege Vulnerability
- Important – CVE-2022-24512 (CVSS 6,3): .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft states that there are already public proof-of-concept exploits for CVE-2022-21990 and CVE-2022-24459 but they have yet to be used in an attack against Windows users. Something which makes protecting yourself all the more pressing.
Windows Users – What You Need To Do
Microsoft states it is now rolling out fixes to all Windows users, but if you want to jump the queue, you should be able to trigger them manually by going to: Settings > Windows Update > Check For Updates.
Microsoft’s security patches have had a troubled recent history following several botched zero-day patches. That said, there have been relatively few zero-day hacks so far in 2022 — until now.
More On Forbes
Microsoft February 2022 ‘Patch Tuesday’ Fixes Numerous Windows 10, Windows 11 Exploits
Microsoft January 2022 ‘Patch Tuesday’ Fixes 97 Vulnerabilities, Six Zero-Day
original source: Microsoft Issues Serious Windows 10, Windows 11 Update Warning