Critical vulnerability in Windows allows hackers to misuse vulnerable devices
Update Windows and Microsoft Office as soon as possible to stay safe.
Microsoft has fixed a zero-day vulnerability that’s already being actively exploited by cybercriminals, along with 10 other critical vulnerabilities and 87 less dangerous issues, as part of its January 2023 Patch Tuesday. The already exploited vulnerability – CVE-2023-21674 – allows hackers to gain unauthorized access to both system and user data and elevate their privileges in the system they attack. It hasn’t been made public yet how exactly CVE-2023-21674 is used in the wild.
Other critical vulnerabilities were found in various Windows and Office components. Though there are no reports of active exploitation of these CVEs, they may still become a problem in the future.