Security News > 2021 > February > Microsoft urges customers to patch critical Windows TCP/IP bugs
Microsoft has urged customers today to install security updates for three Windows TCP/IP vulnerabilities rated as critical and high severity as soon as possible.
The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher.
"The DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic," the Microsoft Security Response Center team said.
"We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month."
While Microsoft says that it is vital to apply today's security updates on all Windows devices as soon as possible, the company also provides workarounds for those who can't immediately deploy them.
The IPv4 workaround requires hardening against the use of Source Routing, normally disallowed in Windows default state.
News URL
Related news
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- Microsoft discloses Office zero-day, still working on a patch (source)
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (source)
- SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software (source)