Security News > 2021 > February > Patch now to stop hackers blindly crashing your Windows computers

As you know, our usual advice for Patch Tuesday boils down to four words, "Patch early, patch often."

As well as the four potential RCE holes mentioned above, there's also a patch for a bug dubbed CVE-2021-1732 that is already being abused in the wild by hackers.

The situation where an attack is known before a patch comes out is known as a zero-day bug: the crooks got there first, so there were zero days on which you could have patched to be ahead of them.

It's an elevation of privilege bug in the Windows kernel itself, which means that crooks who have already broken into your computer can almost certainly abuse the flaw to give themselves almighty powers.

If you're still not convinced to patch early, patch often, you might also want to read Microsoft's special security bulletin entitled Multiple Security Updates Affecting TCP/IP. The three vulnerabilities listed in this bulletin are the uninterestingly named CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086.

DoS, of course, is short for denial of service - a type of vulnerability that's often downplayed as the "Last amongst equals" when compared to security holes such as RCE and EoP. Denial of service means exactly what it says: crooks can't take over a vulnerable service, software program or system, but they can stop it working altogether.

News URL

https://nakedsecurity.sophos.com/2021/02/10/patch-now-to-stop-hackers-blindly-crashing-your-windows-computers/