Microsoft Fixes Over 120 Security Vulnerabilities

Microsoft last week issued an update patching 128 vulnerabilities across various of its platforms, including Windows, Office, Edge, Skype for Business, and more. The number of security flaws alone is worth installing these updates for, however, the focus is on the two zero-day vulnerabilities Microsoft identifies here.

The first flaw, unfortunately, is actively exploited, which makes updating your devices as soon as possible imperative. Microsoft identifies it as CVE-2022-24521, an elevation of privilege vulnerability in the Windows Common Log File System. The other flaw, CVE-2022-26904, is not yet actively exploited. It is also an escalation of privilege vulnerability affecting Windows User Profile Service.

These two vulnerabilities are the most concerning, but don’t ignore the other 126. Of them, 10 are rated “Critical,” 115 are rated “Important,” and three are rated “Moderate.”

To ensure your system is protected from these flaws, update as soon as you can. Remember: these vulnerabilities affected a wide range of Microsoft products, so make sure to pay attention to all updates, not just those for Windows.