Microsoft’s May 2022 ‘Patch Tuesday’ Update Fixes 3 Zero-Days and 75 Vulnerabilities – Forbes

Microsoft has announced that all major versions of Windows are vulnerable to a new zero-day attack. The company confirms that there has been an “exploit detected” and that you must act now.

Microsoft disclosed the new threat as part of its May 2022 “Patch Tuesday” update, which contains fixes for 75 vulnerabilities in its products and platforms, including three zero-day vulnerabilities. Among the three, the big news is CVE-2022-26925, which has been actively exploited and impacts Windows 7, Windows 8.1, Windows 10, Windows 11 and all versions of Windows Server.

For now, Microsoft is limiting information about this zero-day. It has described the flaw only in general terms and confirmed that it was exploited in the wild: “Publicly Disclosed: Yes. Exploited: Yes. Latest software version: Exploit detected.”

The big danger of CVE-2022-26925 is that it has the potential to allow hackers to gain elevated privileges, up to the identity of a domain controller. That is the holy grail for hackers, as it gives them the right to perform any action on your PC. Taken on its own, the flaw has a CVSS severity rating of 8.1/10 from Microsoft, but it can reach 9.8/10 when it is used in a combined attack on other computers and servers on a network.

Also of note, five Microsoft vulnerabilities carry the “Critical” designation and again affect Windows 7, Windows 8.1, Windows 10, Windows 11 and all versions of Windows Server:

  • Critical – CVE-2022-22017 (CVSS 8.8): Remote Desktop Client Remote Code Execution Vulnerability
  • Critical – CVE-2022-26923 (CVSS 8.8): Active Directory Domain Services Elevation of Privilege Vulnerability
  • Critical – CVE-2022-26931 (CVSS 7.5): Windows Kerberos Elevation of Privilege Vulnerability
  • Critical – CVE-2022-23270 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  • Critical – CVE-2022-21972 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Users – How to Stay Safe

Microsoft says the May 2022 “Patch Tuesday” update will be rolling out to all users over the next few weeks. To skip the queue and trigger the update manually, go to Settings > Windows Update > Check for updates.

Interestingly, the May update actually contains far fewer fixes than Microsoft’s April 2022 release (117), but that number fluctuates – January (97), February (48), March (71) – and the number is less important than the types of vulnerabilities discovered. That said, over 400 flaws have been found in Microsoft platforms since January 1, 2022, so it remains imperative that you keep your system up to date at all times.
