You need to update Windows now

Yesterday (May 10th) It was Microsoft’s “Patch Tuesday”. Don’t ignore..New system Update the patch 75 Windows Security VulnerabilityIncludes three zero-day defects.One of them Aggressively abused and making it essential to you Safeguard Your computer as soon as possible.

Microsoft defines a zero-day flaw as a vulnerability that is exposed or exploited before the patch is applied. According to that definition here, two of these zero-day defects were previously published but not utilized (what we know).), Because Microsoft confirmed number 3 Have It was abused.

Abused defect. CVE-2022-26925Is a Windows LSA spoofing vulnerability. The following is Microsoft’s description of this issue.

An unauthenticated attacker could call a method on the LSARPC interface and use NTLM to force the domain controller to authenticate against the attacker. This security update detects and prohibits anonymous connection attempts on LSAR PCs.

Essentially, this flaw allows a malicious attacker to hijack the authentication process. Windows considers these users to properly authenticate themselves and grants elevated permissions without benefit. From here, these users can hijack the domain controller and grant dangerous levels of access. Windows server.

Unlike the other 74 vulnerabilities identified here, it contains two zero-day flaws.This exploit is not theoretical. It can be abused on systems that do not have the patch installed.But now the spotlight is on others Two zero-day vulnerabilities, they may also It always turns into a misused defect.These two defects are identified as follows: CVE-2022-22713Service denial vulnerability, and CVE-2022-29972Remote code execution vulnerability.

The 75 patch is a lot of fixes, but it’s rarely a record break.. The last time I covered Windows patches Microsoft has fixed 128 vulnerabilities.. However, this does not undermine the importance of this update. To Protect yourself from these three security vulnerabilities and a complete list of issues Microsoft has patched, Please install the new update as soon as possible. There are specific updates for different versions of Windows, including 7, 8.1, 10, 11, and Windows Server.

How to install the latest Windows patches on your PC

When security updates are available, Windows will automatically update your PC, but you don’t have to wait. You can manually trigger updates to protect your system as soon as possible.go to [設定]>[WindowsUpdate]>[更新の確認]..

[Bleeping Computer]