Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Microsoft has uncovered loads of Windows 11 security threats – here’s what you need to do

Image Description

Microsoft has revealed that it has discovered several serious security vulnerabilities in Windows 11, as well as other versions including Windows 10.

The revelations came as part of January 2022’s ‘Patch Tuesday’ – the day of the month that Microsoft releases a swathe of patches to fix issues in its software.

While many of the vulnerabilities, which don’t just affect new versions of Windows, but also older versions such as Windows 8, Windows 7 and Windows Server 2019, were fixed with patches, six of the threats were highlighted as zero day threats.

While many security vulnerabilities are thankfully found and fixed before malicious users find and exploit them, zero day threats are vulnerabilities that are already out in the wild, which means they are particularly worrying.

In total, Microsoft announced the existence of 97 new exploits – which is certainly a troubling number. As a report in Forbes explains, Microsoft has limited the information about the zero day exploits to ensure it has time to address them before they are exploited. Microsoft believes that so far, there have not been any attacks using the vulnerabilities. Obviously, though, time is of the essence.

The zero day vulnerabilities are:

  • Critical - CVE-2021-22947 - Open Source Curl Remote Code Execution Vulnerability
  • Important - CVE-2021-36976 - Libarchive Remote Code Execution Vulnerability
  • Important - CVE-2022-21919 - Windows User Profile Service Elevation of Privilege Vulnerability
  • Important - CVE-2022-21836 - Windows Certificate Spoofing Vulnerability
  • Important - CVE-2022-21874 - Windows Security Center API Remote Code Execution Vulnerability
  • Important - CVE-2022-21839 - Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability (limited to Windows 10 and Windows Server 2019)

Of the 97 vulnerabilities, eight are labeled as ‘critical’, with 88 labeled as ‘important’. This means they are particularly dangerous, so users should make sure they are protected against them as soon as possible.

What should you do?

Microsoft’s warning is certainly troubling, but there’s no need to panic, as long as you take some precautionary steps. While the zero day threats are in the wild, they’ve not been used and Microsoft is actively working on fixes.

Meanwhile, it has also created patches for many of the other vulnerabilities. So, the best thing you can do right now is ensure that Windows 11 (or whichever version you have installed) is updated with the latest security patches.

They should download automatically, and If that’s the case you may see a prompt in the taskbar to restart your PC. You may also notice when you go to turn off your PC that there are options to ‘Update and restart’ and ‘Update and shut down’ – make sure you pick one of those.

You should also check to make sure there are no updates waiting for you. To do this, open up Settings and go to Windows Update > Check for Updates. If any are found, download and install them.

If you have any anti-virus or anti-malware software installed, make sure they are updated as well.

Hopefully Microsoft will continue to investigate and fix these vulnerabilities ASAP.

Date

13 Jan 2022

Sources


Share


Other Blog

  • HP has launched a Microsoft 365 and more subscription management service for SMBs

    Managing all of the subscriptions for the various SaaS applications used by SMBs can be a time consuming and tedious process.

    To make matters worse, more than half of IT leaders still rely on dated internal tools and manual spreadsheets to track and monitor their subscriptions and renewals according to a survey from Productiv. Due to this, it can be challenging for IT departments to know when renewals will take place as well as how much is actually being spent on software licenses.

    For this reason, HP has announced a subscription management service designed for small and medium-sized companies to enable them to make software investment decisions based on reliable workforce intelligence.

    The new HP Subscription Management Service provides easy-to-use license management for Microsoft 365 as well as for the full list of Microsoft cloud subscription services.

    HP Subscription Management Service

    By using the new HP Subscription Management Service, IT teams gain online visibility of software analytics and usage trending by user, department or geography so they can easily shift and scale their subscriptions as needed.

    Meanwhile for channel partners, the service offers a one-stop cloud-based solution that enables them to sell Microsoft 365 and the full Microsoft cloud subscription library to their customers along with licensing analytics and premiere partner support from HP.

    HP Subscription Management Service also includes other features that help companies reduce cost and administration overhead while increasing security and compliance. For instance, HP customers can easily flex licenses up or down with simple pay-as-you-go subscription options to ensure that their software spend is the right size for their IT budget. 

    The new service can also be used by organizations to security their workforce whether employees are working from home or at the office with essential cloud security health checks optimized for hybrid working.

    HP Subscription Management Service is expected to be available in France, the UK, Germany and Chile by the end of this year and it will launch in additional countries, including the US, in the first quarter of next year.

    We've also featured the best free office software and best online collaboration tools

    Read More
  • GoDaddy breach exposes 1.2 million customer accounts

    The domain registrar and web hosting company GoDaddy has revealed that it suffered a data breach in which the user data of 1.2m of its customers may have been accessed.

    In a filing with with Securities and Exchange Commission (SEC), the company's chief information security officer Demetrius Comes explained that an “unauthorized third party” had gained access to its managed WordPress hosting environment.

    For those unfamiliar, WordPress is a content management system (CMS) used by millions of site owners worldwide to set up blogs and websites and like other hosting providers, GoDaddy offers WordPress hosting in addition to shared hosting, VPS hosting, dedicated servers and more.

    According to GoDaddy, the unauthorized person gained access to its systems around September 6 by using a compromised password. However, it wasn't until last week on November 17 that the company discovered the breach.

    Compromised user accounts

    GoDaddy's SEC filing says that the breach affects 1.2m active and inactive managed WordPress users who had their email addresses as well as their customer numbers exposed.

    The company also said that the original WordPress admin password, which was created when WordPress was first installed was also exposed. With this password in hand, an attacker can access a customer's WordPress server.

    GoDaddy also revealed that active customers had their sFTP credentials and the usernames and passwords for their WordPress databases, that are used to store all of their content, exposed in the breach. However, in some cases, customer's SSL private keys were exposed and if abused, this key could allow an attacker to impersonate a customer's website or other services. While GoDaddy has reset customer WordPress passwords and private keys, it is currently in the process of issuing them new SSL certificates.

    We'll likely hear more regarding the details of this data breach after GoDaddy finishes conducting a full investigation into the matter.

    We've also featured the best data loss prevention services and best database software

    Via TechCrunch

    Read More
  • This Windows 10 update is breaking printers

    Microsoft directs blames towards non-compliant devices.

    Read More
  • Microsoft Outlook will soon give you a new way to compose messages on the fly

    An imminent Microsoft Outlook update will extend speech-to-text functionality to all devices.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us