Two zero-day Windows vulnerabilities must be patched as part of Microsoft’s massive upgrade.
If your PC isn’t configured to update automatically, now is an excellent moment to force a patch. There are 128 updates for vulnerabilities not just in Windows, but also in Office, Edge, Azure, and Skype for Business in Microsoft’s latest Patch Tuesday release
Two patches for zero-day vulnerabilities, one of which was identified by the NSA and is now under assault, are included in the update, which is more worrying. An attack in the Windows common log file system driver known as CVE-2022-24521 is the problem at hand.
According to Trend Micro’s Dustin Childs, on the Zero Day Initiative blog: “It’s not mentioned how widespread the vulnerability is utilised in the wild, but it’s likely still targeted at this time and not generally distributed.” It’s imperative that you update your software as soon as possible.
Despite the fact that it may get administrator rights on any system, the zero-day only merits a CVSS score of 7.8 (the maximum possible score is 10). Zero-day CVE-2022-26905 receives a 7.0 rating and has yet to be exploited, although that might change shortly because it has already been made public.
As a result, Microsoft has labelled three of the issues mild and 115 of them “important,” although just 10 of them are considered critical. Of them, Microsoft believes that exploitation is probable for three wormable threats with CVSS ratings of 9.8.
Immersive Labs’ head of cyber threat research, Kevin Breen, tells Krebs on Security that “these might be the type of vulnerabilities that appeal to ransomware operators since they have the ability to reveal sensitive data.”
I’m stumped
With automatic updates enabled, you should be able to remove these malware before they may do harm to your computer. As a precaution, here is a reminder on how to update your Windows PC in light of the many risks.
To access Windows Update on Windows 10, go to the Start menu, Settings app, and then Updates & Security. It’s easier if you’ve already upgraded to Windows 11. Windows Update may be accessed by clicking on the Start button, then clicking on Settings.
Patches that are available for your operating system will be shown in the appropriate window, allowing you to download and instal them as soon as possible. Once the software has been downloaded and installed, you may need to restart your computer, so make a backup of any important data before continuing.