The company is urging customers to download and install the latest security patch, according to a message issued by the Microsoft Security Response Center. This update addresses several vulnerabilities for Windows 11 and Windows Server 2022 users. What’s the big deal? The update plugs around 120 security holes, which includes six zero-day patches. That’s par for the course these days, but one of the flaws patched is “wormable,” which is far more dangerous. A wormable threat can self-propagate, meaning that no humans are needed for an attack to spread from one computer to the next. This HTTP Protocol Stack Remote Code Execution vulnerability, affectionately named CVE-2022-21907, is not known to be active, but the company is not taking any chances. “The vulnerable component is bound to the network stack, and the set of possible attackers extends beyond the other options listed, up to and including the entire Internet,” Microsoft wrote. Microsoft considers nine more of these flaws to be critical, meaning ne’er-do-wells could use them to remotely access any affected computer system. The company addressed the last wormable threat in May 2021, and less than a week later, computer code exploiting the flaw was posted online. In other words, check for and install system updates immediately.
