The regular updates your PC gets might seem annoying occasionally, but they’re critical to keep your PC safe online. Case in point: Microsoft has released a patch for a zero-day vulnerability affecting all Windows computers.
The newest security update by Microsoft affects every recent version of Windows. It’s currently rolling out to Windows 11, 10, and 8/8.1, as well as all Windows Server versions going back to Windows Server 2008. It’s also rolling out to Windows 7, even though security updates were supposed to end on January 14, 2020.
The vulnerability in question is identified as CVE-2022-37969, and it’s a bug that allows for elevation of privilege in the Windows Common Log File System Driver, which an attacker can exploit to obtain system-level privileges on a vulnerable device. The attacker would need access to a compromised machine and the ability to run code on it, so this vulnerability could be exploited through something like a virus or an otherwise malicious file.
Microsoft gave credit to four different teams of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the issue, perhaps signaling that this vulnerability was already being exploited in the wild — something that could also explain the urgency towards fixing the issue on even deprecated, unsupported operating systems like Windows 7.
The security patch is rolling out to PCs now, so make sure to update your PC as soon as you get a chance.