An emergency Windows update order has been issued by CISA. The U.S. Cybersecurity and Infrastructure Security Agency has confirmed that threat actors are actively exploiting an elevation of privilege vulnerability across Windows 10, Windows 11 and Windows Server installations that could lead to a full system compromise.
The agency states that CVE-2022-21882 poses a significant risk to the federal enterprise. The vulnerability itself was actually among those fixed in the January Patch Tuesday rollout by Microsoft, and systems that applied those patches are no longer at risk. There were some bugs that hit Windows Server users when applying these January updates. This could well have meant that many system administrators, including those within federal agencies, opted to delay the process.
CISA has given federal civilian executive branch (FCEB) agencies just two weeks to comply and patch their systems to mitigate the risk from this actively exploited Windows vulnerability. CISA also ‘strongly urges’ all organizations to prioritize this particular patching process as it says these vulnerability types are a frequent attack vector for malicious cyber actors of all types.