• November 30, 2022

Microsoft has announced that all major versions of Windows are vulnerable to a new zero-day attack which is being actively exploited by hackers. And you need to take action now.

Microsoft disclosed the new threat as part of its May 2022 ‘Patch Tuesday’ update, which contains fixes for 75 flaws across its products and platforms, including three zero-day hacks. But the big news is CVE-2022-26925, which impacts Windows 7, Windows 8.1, Windows 10, Windows 11 and all Windows Server versions.

As it stands, Microsoft is limiting information about this flaw and has only described the attack in general terms, but the big takeaway is that it has the potential to allow hackers to gain elevated privileges right up to the identity of a domain controller. This is the holy grail for hackers because it gives them the rights to perform any action on your PC. In isolation, Microsoft has assigned the hack a CVSS threat rating of 8.1/10, but this can rise to 9.8/10 when it is used in conjunction with other techniques to attack other computers and servers on a network.

Also worth your attention are five vulnerabilities that Microsoft states carry a ‘Critical’ threat level and again impact Windows 7, Windows 8.1, Windows 10, Windows 11 and all Windows Server versions:

  • Critical – CVE-2022-22017 (CVSS 8.8): Remote Desktop Client Remote Code Execution Vulnerability
  • Critical – CVE-2022-26923 (CVSS 8.8): Active Directory Domain Services Elevation of Privilege Vulnerability
  • Critical – CVE-2022-26931 (CVSS 7.5): Windows Kerberos Elevation of Privilege Vulnerability
  • Critical – CVE-2022-23270 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
  • Critical – CVE-2022-21972 (CVSS 8.1): Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability

Windows Users – How To Stay Safe

Microsoft states that the May 2022 ‘Patch Tuesday’ update is rolling out to all users over the coming weeks. To jump the queue and trigger the update manually, navigate to Settings > Windows Update > Check For Updates.

Interestingly, the May update actually contains significantly fewer fixes than Microsoft’s April 2022 release (117), but this figure fluctuates — January (97), February (48), March (71) — and the number is less important than the kinds of vulnerabilities discovered. That said, over 400 flaws have now been found in Microsoft platforms since 1 January 2022, so it remains imperative that you keep your system up to date at all times.
