Microsoft closes some serious vulnerabilities in Windows and Windows Server – IT Pro – News
Home » today » Technology » Microsoft closes some serious vulnerabilities in Windows and Windows Server – IT Pro – News

Microsoft closes some serious vulnerabilities in Windows and Windows Server – IT Pro – News

by

During the first Patch Tuesday of 2022, Microsoft patched a number of critical vulnerabilities in Windows and Windows Server. One of the most serious vulnerabilities resides in the HTTP Protocol Stack and allows attackers to remotely execute code on a PC.

Windows monthly security update close in January a whole series of 96 major and minor bugs in various Windows components, Office, Teams, Exchange Server, Edge, and .NET Framework. Two vulnerabilities have been given a CVSS score of 9.8, which means they are highly critical. It’s about CVE-2022-21907 in CVE-2022-21849.

The first is an rce vulnerability that allows attackers to remotely execute code by sending a packet to a Windows computer using HTTP Protocol Stack. The attacker does not need to let the user perform an action and he does not need to have any privileges in the system. This makes this vulnerability very suitable for a worm and particularly affects server users. For example, a single attack can affect an entire intranet.

According to Microsoft, the vulnerability has not yet been exploited and no public proof-of-concept exploit is available yet. Still, Microsoft calls on users prioritize fixing this vulnerability in a system. The vulnerability was discovered by Russian security researcher Mikhail Medvedev.

The second to get a CVSS score of 9.8 is an rce vulnerability in Windows Internet Key Exchange version 2. An attacker can remotely trigger various vulnerabilities without authentication and thus execute code remotely. Only systems running IPSec are vulnerable to this attack, Microsoft writes.

In addition, there are a number of other vulnerabilities with relatively high CVSS scores. One of which is CVE-2022-21846. This rce vulnerability in Microsoft Exchange Server is rated 9 out of 10. That means it is critical, but Microsoft clarifies that this vulnerability cannot simply be exploited from the Internet, but access to the same physical network, or access to a shared secure network, for example an MPLS or secure VPN that provides access to an admin environment. This vulnerability was reported to Microsoft by the US intelligence agency NSA.

Related posts:

Mirror's Edge, Battlefield 1943, and Bad Company are no longer available in digital stores after EA'...
This promotion on the MacBook Air M1 is one of the current offers on Cdiscount
GIGABYTE Launches AORUS Gen4 7300 Solid State Hard Drive with New 7,300MB/s Particle Speed
Tips to Prevent Phones from Overheating: Advice from an Electrical and Electronics Engineer
What is NFT? Here’s How to Own and Sell NFT

What is NFT? Here’s How to Own and Sell NFT

How the fake cops entered the house in Popești Leordeni. The “masked men” tied up the tenants and stole 20,000 euros

How the fake cops entered the house in Popești Leordeni. The “masked men” tied up the tenants and stole 20,000 euros

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.