Technology

Microsoft Serious Issues Windows 10 and Windows 11 Upgrade Upgrade

01/14 update below. This post was originally published on November 12

Windows users around the world need to be on high alert today because Microsoft has confirmed new critical security vulnerabilities in Windows 10, Windows 11 and more.

More from ForbesMicrosoft reveals new and serious security flaws in Windows 7 to 11

Microsoft, breaking down the contents of Patch Tuesday for January 2022, revealed that it had discovered 97 new security vulnerabilities in its operating systems. Six of these are labeled “Day Zero” which means they were out in the wild and were known to hackers before Microsoft could respond. All versions of Windows are affected, including Windows 7, Windows 8, Windows 10, and Windows 11 as well as Windows Server 2019 and 2022.

Update 01/14: Red alert for users who are upgrading to this brutal update. PC Reports It breaks L2TP VPN connections on both Windows 10 and Windows 11. In addition to causing serious bugs on Windows Server 2019 and Windows Server 2022. Microsoft has already pulled the update for both versions of Windows Server, with BleepingComputer explain that “Critical errors caused domain controllers to restart, Hyper-V not working, and ReFS storage systems unavailable.” Hyper-V creates virtual machines while ReFS is Microsoft’s new file system and is used in all modern versions of Windows. Microsoft has yet to pull the update for Windows 10 and Windows 11, but concerns will grow. For Windows Server users, there is currently no time frame for the January patch re-release. Consider the number of important repairs and protections, at least six Zero Day GapsThere will be a lot of pressure on Microsoft to bring back the massive cumulative update. However, there may be more disruption for Windows 10 and Windows 11 users.

Microsoft has had a poor record with Windows updates lately, having failed Not one but two Scratch spots in recent months. Security researcher Abdelhamid Nasri, who discovered one of the failed patches, also warned users last month: “It is better to wait and see how Microsoft will undo the patch again.” Well, here we are again.

To buy time for Windows users, Microsoft is currently restricting information about 97 new exploits but has revealed where its platforms have recently become vulnerable. Focusing on six zero-day threats, Microsoft rated five as having a severity level of “Important” with another rated as “Critical”:

  • Important – CVE-2021-22947 – Open source Curl remote code execution vulnerability
  • Important – CVE-2021-36976 – Remote Code Execution Vulnerability in Libarchive
  • IMPORTANT – CVE-2022-21919 – Raising the Windows User Profile Service for Poor Privilege
  • Important – CVE-2022-21836 – Windows Certificate Spoofing Vulnerability
  • Important – CVE-2022-21874 – Windows Security Center Remote Code Execution Vulnerability
  • Important – CVE-2022-21839 – Discretionary Access Control List for Windows Event Tracking Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)

The good news is that Microsoft says it is not aware of any of these hacks being actively exploited by hackers at this point. However, this could change at any time and the company lists another eight of the 97 vulnerabilities it has discovered as “critical” and 88 as “important”. So the warning for Windows users couldn’t be more clear.

what do you want to do

Microsoft has started rolling out its January 2022 patch Tuesday to all Windows users, so if you’ve paused Windows updates for any reason, you should resume them now. The rollout will reach different users at different times, but if you want to run Windows to check them manually, go to: Settings > Windows Update > Check for updates.

Windows patches made headlines for the wrong reasons in recent months after Microsoft failed not one, but two zero-day patches. This led security researcher Abdelhamid Al-Nasiri, who discovered one of the failed patches, to sarcastically warn users: “Better wait and see how Microsoft will undo the patch again.” The third-party security suite 0patch (‘Zero Patch’) has also had to step in twice with emergency fixes while Microsoft struggles to provide official fixes.

So Windows users not only need to respond quickly to recent threats, but also need to hope that Microsoft has learned from recent mistakes.

More about Forbes

Emergency Patch for Failed Windows 10 and Windows 11 Security Update Released

Microsoft’s failed patch leaves all versions of Windows open for Zero-Day Hack

.

Leave a Reply

Your email address will not be published. Required fields are marked *