Security News > 2021 > February > Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs
Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that's known to be actively exploited in the wild.
The most critical of the flaws is a Windows Win32k privilege escalation vulnerability that allows attackers with access to a target system to run malicious code with elevated permissions.
"This zero-day is a new vulnerability which caused by win32k callback, it could be used to escape the sandbox of Microsoft browser or Adobe Reader on the latest Windows 10 version," DBAPPSecurity researchers said.
Lastly, the Windows maker released a set of fixes affecting its TCP/IP implementation - consisting of two RCE flaws and one denial of service vulnerability - that it said could be exploited with a DoS attack.
"Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic. Thus, we recommend customers move quickly to apply Windows security updates this month."
To install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update or by selecting Check for Windows updates.
News URL
Related news
- Microsoft: Windows 11 22H2 reaches end of support in 60 days (source)
- Microsoft is killing the Windows Paint 3D app after 8 years (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft retires Windows updates causing 0x80070643 errors (source)
- Microsoft removes FAT32 partition size limit in Windows 11 (source)
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- Microsoft to rollout Windows Recall to Insiders in October (source)
- Microsoft to roll out Windows Recall to Insiders in October (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
- Microsoft Delays Recall Launch for Windows Insider Members Until October (source)