December 2, 2023

An emergency Windows update order has been issued by CISA. The U.S. Cybersecurity and Infrastructure Security Agency has confirmed that threat actors are actively exploiting an elevation of privilege vulnerability across Windows 10, Windows 11 and Windows Server installations that could lead to a full system compromise.

The agency states that CVE-2022-21882 poses a significant risk to the federal enterprise.The vulnerability itself was actually among those fixed in the January Patch Tuesday rollout by Microsoft, and systems that applied those patches are no longer at risk. There were some bugs that hit Windows Servers users when applying these January updates. This could well have meant that many system administrators, including those within federal agencies, opted to delay the process.

Advertisements

CISA has given federal civilian executive branch (FCEB) agencies just two weeks to comply and patch their systems to mitigate the risk from this actively exploited Windows vulnerability. CISA also ‘strongly urges’ all organizations to prioritize this particular patching process as it says these vulnerability types are a frequent attack vector for malicious cyber actors of all type

Tags:

Leave a Reply

Related Post

CISA KEV Update Part I – December 2023

December 1, 2023

Dollar Tree Affected by a Third Party Breach

December 1, 2023

You may have missed

CISA KEV Update Part I – December 2023

December 1, 2023

Dollar Tree Affected by a Third Party Breach

December 1, 2023

Apple Patches iOS zerodays – CVE-2023-42916 and CVE-2023-42917

December 1, 2023

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023
%d bloggers like this: