97 New Security Threats Found in Windows OS!

847

  • Microsoft revealed it has discovered an eye-watering 97 new security vulnerabilities in its operating systems. 
  • Six of these have been classified as ‘zero days’ which means they are out in the wild and were known to hackers.
  • Microsoft has rated five as having an ‘Important’ severity level with another listed as ‘Critical’

As sourced by Forbes in their article. Microsoft has confirmed 97 vulnerabilities in the Windows operating system and among these six vulnerabilities are out in the wild for hackers. Window users are on alert after Microsoft announced the same

Confirmed vulnerability

Windows users around the world need to be on high alert today because Microsoft has confirmed serious new vulnerabilities in Windows 10, Windows 11 and more. 

Breaking down the contents of its January 2022 ‘Patch Tuesday’, Microsoft revealed it has discovered an eye-watering 97 new security vulnerabilities in its operating systems. 

Six of these have been classified as ‘zero days’ which means they are out in the wild and were known to hackers before Microsoft could respond. All versions of Windows are affected, including Windows 7, Windows 8, Windows 10 and Windows 11 as well as Windows Server 2019 and 2022. 

The red alert 

Red alert for users upgrading to this monster update. BleepingComputer reports that it is breaking L2TP VPN connections on both Windows 10 and Windows 11. as well as causing critical bugs on Windows Server 2019 and Windows Server 2022. Microsoft has already pulled the update for both Windows Server editions, where BleepingComputer explains that “critical bugs caused domain controllers to reboot, Hyper-V to not work, and ReFS volume systems to become unavailable.” 

Hyper-V creates virtual machines while ReFS is Microsoft’s new file system and is used on all modern versions of Windows. Microsoft has yet to pull the update for Windows 10 and Windows 11, but concerns will be growing. 

For Windows Server users, there is currently no timeframe for the January patch to be reissued. Considering the number of important fixes and protections, including no fewer than six zero-day exploits, there will be considerable pressure on Microsoft to get the mega-cumulative update back out. That said, there could still be more disruption to come for Windows 10 and Windows 11 users.

Microsoft has a poor record with Windows updates lately, having botched not one but two zero-day patches in recent months. As a security researcher, Abdelhamid Naceri, who discovered one of the failed patches, warned users last month.

The  critical and  important severity levels and the silver lining

To buy Windows users time, Microsoft is currently restricting information about the 97 new exploits but it has disclosed where its platforms are newly vulnerable. Focusing on the six zero-day threats, Microsoft has rated five as having an ‘Important’ severity level with another listed as ‘Critical’:

  • Critical – CVE-2021-22947 – Open Source Curl Remote Code Execution Vulnerability
  • Important – CVE-2021-36976 – Libarchive Remote Code Execution Vulnerability
  • Important – CVE-2022-21919 – Windows User Profile Service Elevation of Privilege Vulnerability
  • Important – CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
  • Important – CVE-2022-21874 – Windows Security Center API Remote Code Execution Vulnerability
  • Important – CVE-2022-21839 – Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)

The good news is Microsoft says it is unaware of any of these zero-day hacks being actively exploited by hackers at this stage. That said, this could change at any time and the company lists a further eight of the 97 exploits it discovered as ‘Critical’ and 88 as ‘Important’. So the warning to Windows users could not be clearer. 

Steps we need to take

Microsoft has started to roll out its January 2022 Patch Tuesday to all Windows users so, if you have paused Windows updates for any reason, you should resume them right now. The rollout will reach different users at different times, but if you want to trigger Windows to manually check for them navigate to Settings > Windows Update > Check For Updates.

Windows patches have hit the headlines for the wrong reasons in recent months after Microsoft botched not one, but two zero-day patches. This led to security researcher Abdelhamid Naceri, who discovered one of the failed patches, sarcastically warning users: “you better wait and see how Microsoft will screw the patch again.” Third-party security group 0patch (‘Zero Patch’) also had to step in twice with emergency fixes while Microsoft struggled to provide official fixes. 

So Windows users need not only to react swiftly to the latest threats, they need to hope Microsoft has learned from recent mistakes.

Did you subscribe to our daily Newsletter?

It’s Free! Click here to Subscribe

Source: Forbes