With the latest Microsoft Patch Tuesday security updates about to drop, an emergency Windows update order has been issued by CISA. The U.S. Cybersecurity and Infrastructure Security Agency has confirmed that threat actors are actively exploiting an elevation of privilege vulnerability across Windows 10, Windows 11 and Windows Server installations that could lead to a full system compromise.
A significant risk for Windows users
In a CISA notice published February 4, the agency states that CVE-2022-21882 poses a “significant risk to the federal enterprise.” The vulnerability itself was actually among those fixed in the January Patch Tuesday rollout by Microsoft, and systems that applied those patches are no longer at risk. However, as Bleeping Computer reported at the time, there were some bugs that hit Windows Server users when applying these January updates. This could well have meant that many system administrators, including those within federal agencies, opted to delay the process.
CISA gives federal agencies two weeks to patch
CISA has given federal civilian executive branch (FCEB) agencies just two weeks to comply and patch their systems to mitigate the risk from this actively exploited Windows vulnerability. However, CISA also ‘strongly urges’ all organizations to prioritize this particular patching process as it says these vulnerability types are “a frequent attack vector for malicious cyber actors of all types.” Given that this type of emergency directive is not exactly an everyday occurrence, I would concur that patching sooner rather than later, wherever possible, is the prudent course of action in this case.