Microsoft May 2022 ‘Patch Tuesday’ Update Fixes 3 Zero-Days, 75 Vulnerabilities – Forbes

Microsoft May 2022 ‘Patch Tuesday’ Update Fixes 3 Zero-Days, 75 Vulnerabilities – Forbes

Microsoft May 2022 ‘Patch Tuesday’ Update Fixes 3 Zero-Days, 75 Vulnerabilities – Forbes 2048 1376 charlie

Microsoft has announced that all major versions of Windows are vulnerable to a new zero-day attack. The company confirms there has been “exploitation detected” and you need to take action now.
Microsoft disclosed the new threat as part of its May 2022 ‘Patch Tuesday’ update, which contains fixes for 75 flaws across its products and platforms, including three zero-day vulnerabilities (1,2,3). Of the three, the big news is CVE-2022-26925, which has been actively exploited and impacts Windows 7, Windows 8.1, Windows 10, Windows 11 and all Windows Server versions.
Microsoft has confirmed critical new security flaws in all Windows versions, including Windows 11
As it stands, Microsoft is limiting information about this zero-day and has only described it in general terms as well as confirming it has been exploited in the wild: “Publicly Disclosed: Yes. Exploited: Yes. Latest Software Release: Exploitation Detected.”
The big takeaway of CVE-2022-26925 is it has the potential to allow hackers to gain elevated privileges right up to the identity of a domain controller. This is the holy grail for hackers because it gives them the rights to perform any action on your PC. In isolation, Microsoft has assigned the flaw as carrying a CVSS severity rating of 8.1/10, but this can rise to 9.8/10 when used in conjunction to attack other computers and servers on a network.
Also worth your attention, are five vulnerabilities Microsoft states carry a ‘Critical’ designation and again impact Windows 7, Windows 8.1, Windows 10 and Windows 11 and all Windows Server versions:

Windows Users – How To Stay Safe
Microsoft states that the May 2022 ‘Patch Tuesday’ update is rolling out to all users over the coming weeks. To jump the queue and trigger the update manually navigate to Settings > Windows Update > Check For Updates.
Interestingly, the May update actually contains significantly fewer fixes than Microsoft’s April 2022 release (117), but this figure fluctuates — January (97), February (48), March (71) — and the number is less important than the kinds of vulnerabilities discovered. That said, over 400 flaws have now been found in Microsoft platforms since 1 January 2022, so it remains imperative that you keep your system up-to-date at all times.
More On Forbes

source

    Would you like to receive notifications on latest updates? No Yes