Microsoft is rolling out an urgent security update, even on Windows 7

No computer system is inviolable. Week after week, this tune comes back to us through the discovery of security vulnerabilities, whether on our smartphones, our web browsers or even our servers. Today it is Microsoft’s turn to fix a critical bug as soon as possible.

An error that has already been used

During its September monthly update, the Windows publisher rolled out a package of fixes to all of its operating systems, including one that fixes a zero-day bug. This qualification at Microsoft means that a bug has been made public, may have been used by malicious hackers, and has no immediately available fixes. This is the case with the CVE-2022-37969 flaw, which allows bad guys to gain administrative privileges on a machine.

To be exact, it was case, as Microsoft has just released a patch. The flaw relates to the Windows event logging mechanism, which allowed code to be executed with the highest level of privileges. “Attacks of this nature are often associated with a social engineering technique, such as convincing someone to open a file or click on a link. Done, additional code runs with elevated privileges to take control of a system”describes a cybersecurity specialist at the Zero-Day Initiative.

Even Windows 7 has been fixed

The flaw is critical enough for Microsoft to deploy its patch on Windows 7, an operating system that has been officially retired since 2020. Microsoft has provided few details about the nature of the flaw, likely not to encourage malicious actors to embark on major hacking campaigns. The problem appears to be serious as even US defense agencies are being ordered to update their machines as soon as possible.

Other security vulnerabilities, including one affecting the ARM version of Windows 11, were also fixed with the September update. The patches are currently installed: Whether you are on Windows 7, 8, 10 or 11, remember to update your OS quickly.

Advertising, your content continues below

Leave a Comment