Update Windows 10 without delay, vulnerabilities are actively exploited

Updates made by Microsoft for Windows 10 include plug-in patches used for malicious purposes.

If you want to postpone Windows updates, it is a good idea to start at least this time. In fact, the new patches that Microsoft proposed on June 8 for its operating systems contain important patches that prevent vulnerabilities. Some of these vulnerabilities are already being actively exploited for malicious purposes.

Six flaws to fix without delay

More precisely, six violations are used to take action against computer stations equipped with Windows 10 (not less than 19 versions of the OS), but Windows 7, Windows 8.1 and several versions of the Windows server. List of affected organizations Available on this page. Globally, the latest versions of Windows have all been affected.

The level of risk of error is measured According to the standardized scale, Which goes from 0.1 to 10. This is the CVSS (for general vulnerability assessment system). For the six violations involved, the scores range from 5.2 to 8.4. From 4 to 7, the risk is moderate and beyond 9 it is considered significant. Warning: This does not mean that the damage from a moderate split is moderate.

For the six defects in question, the threats are threefold: remote processing of the spontaneous code, i.e. malicious code sent across the network; Breach of data confidentiality; Finally, the increase in privilege, which allows the attacker to reach the boxes of the operating system.

Errors have technical names: CVE-2021-31199 (Microsoft Advanced Cryptographic Provider), CVE-2021-31201 (Same); CVE-2021-31956 (Windows NTFS), CVE-2021-33739 (Microsoft DWM Core Library), CVE-2021-31955 (Windows kernel information) and CVE-2021-33742 (MSHTML operating system for Windows).

The French Center for Systems Monitoring, Alert and Response (CERT-FR), which is affiliated with the National Agency for Information Security (ANSSI) A publication about Of these six shortcomings and we recommend that everyone use the corrections as soon as possible. A system restart will be requested after installation.

Beyond these six particularly sensitive flaws, Microsoft also got the opportunity Fix dozens of other vulnerabilities – This is the responsibility of CERT-FR In a separate release. These violations can bypass certain security features of Windows, but can also lead to data leaks, malicious code injection, or service denials.

Continuation in the video