Microsoft issues serious Windows 10 and Windows 11 update warning

Windows 10 and Windows 11 users have been urged to take action after Microsoft confirmed serious new vulnerabilities in both operating systems. And the attacks are already underway.

Microsoft disclosed the new threats as part of a massive April 2022 “Patch Tuesday” update, with nearly 120 vulnerabilities found on Windows 7, Windows 8, Windows 10, Windows 11 and all versions of Windows Server . These vulnerabilities include two zero-day flaws that hackers are already exploiting and two exploits that Microsoft has assigned a CVSS threat rating of 9.8/10.

To protect users, Microsoft currently restricts information about all new exploits, but I’ve listed the top threats below:

  • Important – Zero Day – CVE-2022-24521 (CVSS 8.8): Windows Common Log File System Driver.
  • Important – Zero Day – CVE-2022-26904 (CVSS 7.0): Windows User Profile Service
  • Critical – CVE-2022-26809 (CVSS 9.8): Remote Procedure Call Execution
  • Critical – CVE-2022-24491 (CVSS 9.8): Windows Network File System

The four vulnerabilities affect all major versions of Windows and Windows Server, with the NSA contacting Microsoft to warn the company that CVE-2022-24521 was already being actively exploited by hackers.

As for CVE-2022-26809 and CVE-2022-24491, they are gaining notoriety because they allow RCE (Remote Code Execution) attacks. It is the holy grail for hackers and a preferred path for ransomware extortion as it can expose critical/private user data.

Windows Users – How to Stay Safe

Microsoft says it will be rolling out the April 2022 “Patch Tuesday” update to all users over the next few weeks. To skip the queue and trigger the update manually, navigate to: Settings > Windows Update > Check for updates.

The April patch is Microsoft’s biggest in 2022 so far and the start of the year has been loaded with January (97), February (48) and March (71) countdowns, meaning more 300 flaws have been discovered on Windows platforms in a short time. more than 100 days. Microsoft is certainly working hard to fix these flaws, but there’s still a lot to do.

Learn more about Forbes

MORE FORBESZero-Day Windows 10/11 Hack Left Unsolved For Seven Months Plus

Source link

Steven L. Nielsen