First Windows patch of the year!

keyboard with Windows key

We just ended 2021 with the security issue known as the log4shell bug, and now we are rolling into 2022 with all new potential threats online. Yesterday was "Patch Tuesday", which is an unofficial name given to the second and/or fourth Tuesday in a month where certain tech companies release updates and patches for their products, but officially used by Microsoft since 2003. Microsoft released their first "Patch Tuesday" update of 2022 yesterday where they announced that they had discovered, and luckily patched or fixed, nearly 100 security issues within their products.

Of the 97 flaws reported by Microsoft, nine were classified as "critical" and 88 were considered "important". The breakdown of vulnerabilities that were found and fixed included 41 elevation of privilege vulnerabilities, 9 security feature bypass vulnerabilities, 29 remote code execution vulnerabilities, 6 information disclosure vulnerabilities, 9 denial of service vulnerabilities, and 3 spoofing vulnerabilities, with potentially affected systems including Windows operating system, Microsoft Edge, Microsoft Office, Windows Defender, and Windows Exchange Server.

While Microsoft believes that the flaws were not yet being utilized or tested by potential hackers and the threat of that occurring with these flaws has essentially been shut down (at least for those with the latest updates and patches), the main concern was the threat of a "wormable" flaw found within Windows. The threat of a wormable flaw is quite concerning because it means that the flaw does not require human interaction for it's attack to spread and cause damage to numerous machines, most likely to be used in malicious cryptomining operations.

The flaws have been addressed and fixed, but Microsoft is pressing users of their products to stay up to date with the latest patches to keep their machines and information safe. Users of Windows 10 will likely have their system updates automatically downloaded, but to manually ensure that you have the latest and safest patches needed, users can visit the start menu, click settings, and then click "updates and security". If you do not already have the latest updates or patches, this is where they will be available to download.