Security News > 2021 > February > Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild.
The most critical of the flaws is a Windows Win32k privilege escalation vulnerability that allows attackers with access to a target system to run malicious code with elevated permissions.
"This zero-day is a new vulnerability which caused by win32k callback, it could be used to escape the sandbox of Microsoft browser or Adobe Reader on the latest Windows 10 version," DBAPPSecurity researchers said.
Lastly, the Windows maker released a set of fixes affecting its TCP/IP implementation - consisting of two RCE flaws and one denial of service vulnerability - that it said could be exploited with a DoS attack.
"Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic. Thus, we recommend customers move quickly to apply Windows security updates this month."
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
News URL
Related news
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)