You Need to Update Windows Right Now

Yesterday (May 10) was Microsoft’s “Patch Tuesday,” and this one should not be ignored. The new system update fixes 75 security vulnerabilities in Windows, including three zero-day vulnerabilities, one of which was actively exploited, so you need to protect your PC as soon as possible.

Microsoft defines a zero-day vulnerability as any vulnerability that is either made public or exploited before a patch is released. By this definition, two of these zero-day vulnerabilities were publicly disclosed before the patch but, to our knowledge, not exploited, while Microsoft confirmed that the third was exploited.

The exploited vulnerability, identified as CVE-2022-26925, is a Windows LSA spoofing vulnerability. The following is Microsoft’s description of the issue:

An unauthenticated attacker can call the LSARPC interface method and force the domain controller to authenticate the attacker using NTLM. This security update detects and blocks anonymous connection attempts in LSARPC.

Essentially, the vulnerability allows attackers to hijack the authentication process: Windows will think that these users have authenticated themselves correctly and wrongly grant them elevated permissions. From here, these users can take over the domain controller, giving them a dangerous level of access to the Windows server.

Unlike the other 74 vulnerabilities found here, including two zero-day vulnerabilities, this exploit is not theoretical: it can be used on any system that does not have the patch installed. However, now that attention is focused on these two other zero-day vulnerabilities, they can also turn into exploitable flaws at any moment. These two vulnerabilities have been identified as CVE-2022-22713, a denial of service vulnerability, and CVE-2022-29972, a remote code execution vulnerability.

While 75 fixes is a lot of fixes, it’s hardly a record. The last time we covered a Windows patch, Microsoft fixed 128 vulnerabilities. However, this does not detract from the importance of this update. To protect yourself from these three security vulnerabilities, as well as the entire list of issues that Microsoft has fixed, install the new update as soon as possible. There are specific updates for various versions of Windows, including 7, 8.1, 10, 11, and Windows Server.

How to Install the Latest Windows Patch on Your Computer

Windows will automatically update your PC when a security update is available, but you don’t have to sit and wait. To protect your system as quickly as possible, you can run the update manually. Go to Settings > Windows Update > Check for Updates.
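
To confirm the result from the command line instead of the Settings page, the following added example (not from the original article) asks the Windows Update Agent what is still pending and lists hotfixes installed since Patch Tuesday. It assumes Windows PowerShell, that "May 10" means May 10, 2022 (the CVE IDs above are all CVE-2022-*), and uses a hypothetical function name, Get-PatchTuesdayStatus.

```powershell
# Added example; Get-PatchTuesdayStatus is a hypothetical name, not a built-in cmdlet.
function Get-PatchTuesdayStatus {
    param(
        # Assumption: the article's "May 10" is May 10, 2022.
        [datetime]$Since = [datetime]'2022-05-10'
    )

    # Hotfixes Windows records as installed on or after the cutoff date.
    # InstalledOn is empty for some entries, so those are skipped.
    # This is a heuristic: a hotfix installed after the date is not
    # necessarily the cumulative security update.
    $recent = @(Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
        Sort-Object InstalledOn)

    # Ask the Windows Update Agent (COM API) for software updates that are
    # applicable to this machine but not yet installed.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and Type='Software' and IsHidden=0")

    # Keep only updates that carry an MSRC severity rating (security updates).
    $pendingSecurity = @($result.Updates |
        Where-Object { $_.MsrcSeverity } |
        ForEach-Object {
            [pscustomobject]@{
                Title    = $_.Title
                Severity = $_.MsrcSeverity
                KB       = ($_.KBArticleIDs -join ',')
            }
        })

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        HotfixesSinceCutoff    = $recent | Select-Object HotFixID, Description, InstalledOn
        PendingSecurityUpdates = $pendingSecurity
        # Up to date only if something was installed since the cutoff
        # and no rated security update is still waiting.
        LooksPatched           = ($recent.Count -gt 0 -and $pendingSecurity.Count -eq 0)
    }
}

Get-PatchTuesdayStatus | Format-List
```

If LooksPatched is False, install the pending updates and reboot before relying on the machine, domain controllers first.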

[Bleeping Computer]
