Skip to main content

Update Windows 10 security now to patch these 'critical' flaws

representational image of a cloud firewall
(Image credit: Pixabay)
Audio player loading…

Microsoft has revealed its latest Patch Tuesday release, plugging over 100 security holes in Windows 10 (opens in new tab) along with fixes for other products including Microsoft Exchange email (opens in new tab) server following its recent attacks (opens in new tab).

Of the 108 patched vulnerabilities, 19 are classified as Critical, with five being zero-day vulnerabilities of which one is known to be actively exploited in the wild.

"We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser (opens in new tab) exploits to escape sandboxes or get system privileges for further access," note security researchers from Kaspersky (opens in new tab) in a blog post on the vulnerability used by threat actors.

TechRadar needs yo...

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window (opens in new tab)<<

Tracked as CVE-2021-28310, the flaw gives attackers the opportunity to elevate their privileges on a target system.

Patch Tuesday

Kaspersky noticed the attack based on the vulnerability that was eventually tagged as CVE-2021-28310 once it was brought to the attention of Microsoft earlier this year.

Kaspersky pins the blame for the exploit on the Bitter APT threat group. However, it wasn’t able to capture the full chain of attack and isn’t sure what other vulnerabilities are exploited by the attack.

In a blog post, Microsoft notes (opens in new tab) that it hasn’t observed any attacks based on the Exchange vulnerabilities that have been patched in this latest patch Tuesday.

Besides Windows other Microsoft products that got security updates this month include Edge (opens in new tab) (Chromium-based), Azure Sphere, Azure DevOps Server, SharePoint Server, Visual Studio (opens in new tab), and more.

Via: BleepingComputer (opens in new tab)

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.