
Update Windows 10 security now to patch these 'critical' flaws


Microsoft has revealed its latest Patch Tuesday release, plugging over 100 security holes in Windows 10 along with fixes for other products, including the Microsoft Exchange email server, following the recent attacks on it.

Of the 108 patched vulnerabilities, 19 are classified as Critical, and five are zero-day vulnerabilities, one of which is known to be actively exploited in the wild.

"We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access," note security researchers from Kaspersky in a blog post on the vulnerability used by threat actors.


Tracked as CVE-2021-28310, the flaw gives attackers the opportunity to elevate their privileges on a target system.

Patch Tuesday

Kaspersky noticed the attack based on the vulnerability that was eventually tagged as CVE-2021-28310 once it was brought to the attention of Microsoft earlier this year.

Kaspersky pins the blame for the exploit on the Bitter APT threat group. However, it wasn’t able to capture the full chain of attack and isn’t sure what other vulnerabilities are exploited by the attack.

In a blog post, Microsoft notes that it hasn’t observed any attacks based on the Exchange vulnerabilities that have been patched in this latest Patch Tuesday.

Besides Windows, other Microsoft products that got security updates this month include Edge (Chromium-based), Azure Sphere, Azure DevOps Server, SharePoint Server, Visual Studio, and more.

Via: BleepingComputer