Microsoft encourages Windows users to install essential fixes for serious TCP/IP vulnerabilities
Whenever Microsoft releases updates for Windows, the company is always keen for as many people as possible to get the patch installed. But with this month's Patch Tuesday bug fixes, the company is encouraging Windows users even more than usual.
Referring to two Critical security issues and one Important one, all affecting TCP/IP, Microsoft says that "it is essential that customers apply Windows updates to address these vulnerabilities as soon as possible". The CVE-2021-24074, CVE-2021-24086 and CVE-2021-24094 vulnerabilities affect Windows 7 upwards.
The three flaws include two vulnerabilities that leave systems open to remote code execution (RCE) attacks. The final bug enables an attacker to launch a Denial of Service (DoS) attack. The newly released patches replace the workarounds that had previously been suggested, but for anyone who is unable to install the updates for any reason, the workarounds can be found on the vulnerabilities' respective pages: Windows TCP/IP Remote Code Execution Vulnerability CVE-2021-24074, Windows TCP/IP Denial of Service Vulnerability CVE-2021-24086, and Windows TCP/IP Remote Code Execution Vulnerability CVE-2021-24094.
In a post about the patches in the Microsoft Security Response Center, the company said:
Today Microsoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term. We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.
Microsoft concludes by saying: "It is important that affected systems are patched as quickly as possible because of the elevated risk associated with these vulnerabilities, and downloads for these can be found in the Microsoft Security Update Guide. Customers who have automatic updates enabled are automatically protected from these vulnerabilities".