Windows 10 and Windows 11 users were urged to act after Microsoft confirmed serious new vulnerabilities in both operating systems. And the attacks are already underway.
Microsoft released the new threats as part of a massive April 2022 ‘Patch Tuesday’ update, with nearly 120 vulnerabilities found in Windows 7, Windows 8, Windows 10, Windows 11 and all versions of Windows Server. Among these vulnerabilities are two zero-day flaws that hackers are already exploiting and two exploits that Microsoft has assigned a CVSS threat rating of 9.8/10.
To protect users, Microsoft is currently restricting information about all new exploits, but I’ve listed the prominent threats below:
- Important – Day Zero – CVE-2022-24521 (CVSS 8.8): Windows common log file system driver.
- Important – Day Zero – CVE-2022-26904 (CVSS 7.0): Windows User Profile Service
- Critical – CVE-2022-26809 (CVSS 9.8): Remote Procedure Call Execution Time
- Critical – CVE-2022-24491 (CVSS 9.8): Windows Network File System
All four vulnerabilities affect all major versions of Windows and Windows Server, with the NSA reaching out to Microsoft to alert the company that CVE-2022-24521 was already being actively exploited by hackers.
As for CVE-2022-26809 and CVE-2022-24491, they gain notoriety because they allow RCE (remote code execution) attacks. This is the holy grail for hackers and a favorite avenue for ransomware extortion because it can expose critical/private user data.
Windows Users – How to stay safe
Microsoft claims it is rolling out the April 2022 ‘Patch Tuesday’ update to all users in the coming weeks. To skip the queue and trigger the update manually, navigate to: Settings > Windows Update > Check for Updates.
The April patch is Microsoft’s biggest of 2022 so far and it’s been a busy start to the year with records from January (97), February (48) and March (71), meaning that over 300 flaws have been discovered in the Windows platforms in no time. more than 100 days. Microsoft is certainly working hard to fix these flaws, but there’s a lot of room for improvement.
More about Forbes