Critical vulnerability in Windows allows hackers to misuse vulnerable devices
Windows中的严重漏洞允许黑客滥用易受攻击的设备
尽快更新Windows和Microsoft Office以保持安全。
作为2023年1月补丁周二的一部分,微软修复了一个已经被网络犯罪分子积极利用的零日漏洞,以及其他10个关键漏洞和87个不太危险的问题。已经被利用的漏洞CVE-2023-21674允许黑客获得对系统和用户数据的未经授权访问,并提升其在所攻击系统中的权限。目前还没有公开CVE-2023-21674在野外的确切用途。
在各种Windows和Office组件中发现了其他严重漏洞。尽管没有关于这些CVE被积极利用的报道,但它们在未来仍可能成为一个问题。
我们建议您尽快安装最新更新,以保护您的设备。有关说明,请参阅Windows和Office的Microsoft支持页面。
Update Windows and Microsoft Office as soon as possible to stay safe.
Microsoft has fixed a zero-day vulnerability that’s already being actively exploited by cybercriminals, along with 10 other critical vulnerabilities and 87 less dangerous issues, as part of its January 2023 Patch Tuesday. The already exploited vulnerability – CVE-2023-21674 – allows hackers to gain unauthorized access to both system and user data and elevate their privileges in the system they attack. It hasn’t been made public yet how exactly CVE-2023-21674 is used in the wild.
Other critical vulnerabilities were found in various Windows and Office components. Though there are no reports of active exploitation of these CVEs, they may still become a problem in the future.
We recommend you install the latest update as soon as possible to protect your devices. For instructions, see the Microsoft Support pages for both Windows and Office.