Microsoft on Tuesday released software updates to plug at least 70 security holes in its Windows operating systems and related software. For the second month running, there are no scary zero-day threats looming for Windows users, and relatively few “critical” fixes. And yet we know from experience that attackers are already trying to work out how to turn these patches into a roadmap for exploiting the flaws they fix. Here’s a look at the security weaknesses Microsoft says are most likely to be targeted first.
Greg Wiseman, product manager at Rapid7, notes that three vulnerabilities fixed this month have been previously disclosed, potentially giving attackers a head start in working out how to exploit them. Those include remote code execution bugs CVE-2022-24512, affecting .NET and Visual Studio, and CVE-2022-21990, affecting Remote Desktop Client. CVE-2022-24459 is a vulnerability in the Windows Fax and Scan service. All three publicly disclosed vulnerabilities are rated “Important” by Microsoft.
Just three of the fixes this month earned Microsoft’s most-dire “Critical” rating, which Redmond assigns to bugs that can be exploited to remotely compromise a Windows PC with little to no help from users. Two of those critical flaws involve Windows video codecs. Perhaps the most concerning critical bug quashed this month is CVE-2022-23277, a r ..
Support the originator by clicking the read the rest link below.
