Windows 10 and Windows 11 users have been urged to take action after Microsoft confirmed serious new vulnerabilities in both operating systems. And attacks are already underway.
Microsoft disclosed the new threats as part of a massive April 2022 ‘Patch Tuesday’ update, with almost 120 vulnerabilities found across Windows 7, Windows 8, Windows 10, Windows 11 and all Windows Server versions. Among these vulnerabilities are two zero-day flaws which hackers are already exploiting and two exploits to which Microsoft has assigned a CVSS threat rating of 9.8/10.
To protect users, Microsoft is currently restricting information about all the new exploits, but I have listed the standout threats below:
- Important – Zero-Day – CVE-2022-24521 (CVSS 8.8): Windows Common Log File System Driver.
- Important – Zero-Day – CVE-2022-26904 (CVSS 7.0): Windows User Profile Service
- Critical – CVE-2022-26809 (CVSS 9.8): Remote Procedure Call Runtime
- Critical – CVE-2022-24491 (CVSS 9.8): Windows Network File System
All four vulnerabilities affect all major versions of Windows and Windows Server with the NSA contacting Microsoft to warn the company that CVE-2022-24521 was already being actively exploited by hackers.
As for CVE-2022-26809 and CVE-2022-24491, they gain their notoriety because they enable RCE (remote code execution) attacks. This is the holy grail for hackers and a favorite path for ransomware extortion because it can expose critical/private user data.
Windows Users – How To Stay Safe
Microsoft states it is rolling out the April 2022 ‘Patch Tuesday’ update to all users over the coming weeks. To jump the queue and trigger the update manually navigate to: Settings > Windows Update > Check For Updates.
The April patch is Microsoft’s biggest of 2022 so far and it has been a busy start to the year with January (97), February (48) and March (71) tallies, meaning well over 300 flaws have been discovered across Windows platforms in little more than 100 days. Microsoft is certainly working hard to patch these flaws, but there is much room for improvement.
More On Forbes