Microsoft Denotes Major Windows 10 and Windows 11 Vulnerabilities

Amid its March 2022 'Patch Tuesday' update, Microsoft highlighted several severe issues plaguing both of its most prominent operating systems, as well as even older versions still in use. The tech giant denoted at least 71 issues, three of which are known as 'zero day' flaws, which are hacks that have been known well before Microsoft amended them with a patch.

This means that many of those running Windows 10 and Windows 11 could potentially be in danger of serious vulnerabilities. The flaws stretch out even to Windows 8, Windows Server 2019, and 2022.

Microsoft is keeping the information close to the chest, allowing users to upgrade to Windows 11 and series patches for its older offerings. The company has, however, outlined the three aforementioned zero-day vulnerabilities as listed below via Microsoft's own self-assessed danger level, denoted with its Common Vulnerabilities Scoring System (CVSS).

  • CVE-2022-21990 (CVSS 8.8): Remote Desktop Remote Code Execution Vulnerability
  • CVE-2022-24459 (CVSS 7.8): Windows Fax and Scan Service Elevation of Privilege Vulnerability
  • CVE-2022-24512 (CVSS 6.3): .NET and Visual Studio Remote Code Execution Vulnerability

Both CVE-2022-21990 and CVE-2022-24459 are extremely dangerous as public proof-of-concept exploits are already available, yet hackers have not utilized them. It's only amplified proof that Windows 10 and Windows 11 users especially must keep their OS protected via consistent updates and keeping up to date with Microsoft's alerts.

For those concerned and unsure if their OS needs an upgrade/update, patches will typically be rolled out via the system update automatically. If not, users can go to the Settings tab via the Windows screen, select Windows Update, and Check For Updates to push the patch manually.

Although Microsoft is keeping a keen eye on the issues and is pushing out patches as it sees fit. It hasn't seen, until now, zero-day hacks in 2022 but has had a tainted past in amending zero-day patches.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics