Microsoft has released updates to address multiple vulnerabilities in Microsoft software. This month's security update notification contains 84 newly reported vulnerabilities spanning multiple product categories, including a zero-day vulnerability that is actively being exploited in the wild, of which 80 have been rated critical and the remaining as important. Also separately resolved by Microsoft are two other bugs in the Chromium-based Edge browser, one of which plugs another zero-day flaw that Google disclosed as being actively exploited in real-world attacks.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.
3.0 Affected Products
• Windows 10, version 20H2, Windows Server, version 20H2, Windows 10, version 21H1, Windows 10, version 21H2
• Windows 10, version 1809, Windows Server 2019
• Windows 11
• Windows Server 2022
• Windows 7, Windows Server 2008 R2 (Monthly Rollup)
• Windows 7, Windows Server 2008 R2 (Security-only update)
• Windows Server 2012 (Monthly Rollup)
• Windows Server 2008 (Monthly Rollup)
• Windows Server 2008 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Monthly Rollup)
• Windows Server 2012 (Security-only update)
• Windows 8.1, Windows Server 2012 R2 (Security-only update)
Users and administrators are recommended to review the below URLs and perform necessary update. Kindly refer to the below URL:
Generally, MyCERT advises the users of this devices to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 -18:00 MYT