Windows users need to be on high alert yet again, after Microsoft confirmed “Critical” new security flaws in all Windows versions.
Microsoft revealed the vulnerabilities in its latest Patch Day (via gHacks) and warned users of Windows 7, Windows 8, Windows 10 and Windows 11 — as well as all editions of Windows Server — to download its fixes immediately.
To buy Windows users time, Microsoft is currently restricting information about the new hacks but it has disclosed where its platforms are newly vulnerable and classified the hacks as possessing ‘Critical’ threat levels.
- Critical: CVE-2021-43233 (all Windows versions): Remote Desktop Client Remote Code Execution Vulnerability (patch link)
- Critical: CVE-2021-43217 (all Windows versions): Windows Encrypting File System (EFS) Remote Code Execution Vulnerability (patch link)
- Critical: CVE-2021-43215 (all Windows versions excluding Windows 11, Windows Server 2022): iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution (patch link)
All three vulnerabilities potentially allow hackers to access affected Windows versions and remotely launch malicious code on them. CVE-2021-43215 is of particular interest, with Microsoft assigning the vulnerability a CVSSv3 score of 9.8 out of 10 according to the company’s Exploitability Index.
Microsoft has started rolling out fixes for all three flaws through Windows Update, but the fastest way to protect yourself is to follow the patch links above and select your Windows version. The one caveat to all this, however, is Microsoft’s recent history: the company has botched not one but two zero-day patches in recent months.
As security researcher Abdelhamid Naceri, who discovered one of the failed patches, warned users last month: “you better wait and see how Microsoft will screw the patch again.” Naceri’s words have some merit, especially after third-party security group 0patch (pronounced ‘Zero Patch’) had to step in twice with emergency fixes while Microsoft scrambled to create official fixes.
All of which means Windows users need to act right now. Then cross their fingers.