Microsoft has announced that all major versions of Windows are vulnerable to a new zero-day attack which is being actively exploited by hackers. And you need to take action now.
Microsoft disclosed the new threat as part of its May 2022 ‘Patch Tuesday’ update, which contains fixes for 75 flaws across its products and platforms, including three zero-day vulnerabilities. But the big news is CVE-2022-26925, which impacts Windows 7, Windows 8.1, Windows 10, Windows 11 and all Windows Server versions.
As it stands, Microsoft is limiting information about this flaw and has only described the attack in general terms, but the big takeaway is that it has the potential to allow hackers to gain elevated privileges right up to the identity of a domain controller. This is the holy grail for hackers because it gives them the rights to perform any action on your PC. In isolation, Microsoft has assigned the flaw a CVSS threat rating of 8.1/10, but this can rise to 9.8/10 when used in conjunction to attack other computers and servers on a network.
Also worth your attention are five vulnerabilities that Microsoft states carry a ‘Critical’ threat level and that again impact Windows 7, Windows 8.1, Windows 10, Windows 11 and all Windows Server versions:
- Critical – CVE-2022-22017 (CVSS 8.8): Remote Desktop Client Remote Code Execution Vulnerability
- Critical – CVE-2022-26923 (CVSS 8.8): Active Directory Domain Services Elevation of Privilege Vulnerability
- Critical – CVE-2022-26931 (CVSS 7.5): Windows Kerberos Elevation of Privilege Vulnerability
- Critical – CVE-2022-23270 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
- Critical – CVE-2022-21972 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
Windows Users – How To Stay Safe
Microsoft states that the May 2022 ‘Patch Tuesday’ update is rolling out to all users over the coming weeks. To jump the queue and trigger the update manually, navigate to Settings > Windows Update > Check For Updates.
Interestingly, the May update actually contains significantly fewer fixes than Microsoft’s April 2022 release (117) but this figure fluctuates — January (97), February (48), March (71) — and the number is less important than the kinds of vulnerabilities discovered. That said, over 400 flaws have now been found in Microsoft platforms since 1 January 2022 so it remains imperative that you keep your system up-to-date at all times.