Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.
Nine of the vulnerabilities fixed in this month’s Patch Tuesday received Microsoft’s “critical” rating, meaning malware or miscreants can exploit them to gain remote access to vulnerable Windows systems through no help from the user.
By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “HTTP Protocol Stack.” Microsoft says the flaw affects Windows 10 and Windows 11, as well as Server 2019 and Server 2022.
“While this is definitely more server-centric, remember that Windows clients can also run http.sys, so all affected versions are affected by this bug,” said Dustin Childs from Trend Micro’s Zero Day Initiative. “Test and deploy this patch quickly.”
Quickly indeed. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online.
Microsoft also fixed three more remote code execution flaws in Exchange Server, a technology that hundreds of thousands of organizations worldwide use to manage their email. Exchange flaws are a major target of malicious hackers. Almost a year ago, hundreds of thousands of Exchange serv ..
Support the originator by clicking the read the rest link below.
