Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11 as well as other versions including Windows 10.
The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month when Microsoft releases a bunch of patches to fix problems in its software.
While many vulnerabilities, which affect not only newer versions of Windows but also older versions like Windows 8, Windows 7 and Windows Server 2019, were fixed with patches, six threats were exposed as zero-day threats. it was done.
While many security vulnerabilities are thankfully found and fixed before malicious users can find and exploit them, zero day threats are vulnerabilities that are already out in the wild, which means they are particularly worrisome.
In total, Microsoft announced the existence of 97 new exploits – which is certainly a troubling number. As noted in a report by Forbes, Microsoft has limited information about zero-day exploits to ensure they have time to address their exploits. Microsoft believes that so far, no attacks have been conducted using the vulnerabilities. Obviously, however, time is of the essence.
Zero day vulnerabilities are:
- Critical – CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
- IMPORTANT – CVE-2021-36976 – Liberal Remote Code Execution Vulnerability
- IMPORTANT – CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
- Important – CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
- IMPORTANT – CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
- IMPORTANT – CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)
Of the 97 vulnerabilities, eight are labeled as ‘critical’ and 88 as ‘critical’. This means they are particularly dangerous, so users should make sure they are protected against them as soon as possible.
what should you do?
Microsoft’s warning is certainly troubling, but there is no need to panic, as long as you take some precautionary steps. While Zero Day threats are out in the wild, they have not been used and Microsoft is actively working on improvements.
Meanwhile, it has also created patches for several other vulnerabilities. So, the best thing you can do right now is to make sure that Windows 11 (or whatever version you have installed) is updated with the latest security patches.
They should download automatically, and if so you may see a prompt in the taskbar to restart your PC. When you go to shut down your PC you may also notice that there are options for ‘Update and Restart’ and ‘Update and Shut Down’ – make sure you choose one of them.
You should also check to make sure no updates are waiting for you. To do so, open Settings and go to Windows Update > Check for Updates. If any are found, download and install them.
If you have any anti-virus or anti-malware software installed, make sure they are updated as well.
Hopefully Microsoft will continue to investigate and fix these vulnerabilities ASAP.
- These are the best free antivirus software tools