CISA Urgently Warns To Patch This Active Security Flaw In Windows 11, 10 And Windows Server

CISA orders windows security patch news
We reported a week ago on a security vulnerability in Windows that multiple publicly available exploits can leverage to gain elevated privileges. We advised readers to apply the patch for this vulnerability as soon as possible, and now the Cybersecurity and Infrastructure Security Agency (CISA) is ordering federal agencies to apply the patch as well.

This security vulnerability, which is listed as CVE-2022-21882 in the Common Vulnerabilities and Exposures (CVE) system, bypasses a patch Microsoft released last year for CVE-2021-1732. The older vulnerability was found to have been actively exploited from May of 2020 until Microsoft released its patch in February 2021. 

CISA orders windows security patch exploit news
Exploit used to launch notepad with administrator privileges

Not long after the new vulnerability was publicly disclosed by Microsoft, exploits leveraging the vulnerability were publicly released and confirmed to work. However, CISA has now released a notice stating there is evidence that threat actors are actively exploiting the vulnerability. CISA has responded by adding the vulnerability to its known exploited vulnerability catalog.

According to the notice, Federal Civilian Executive Branch (FCEB) agencies are required to apply the patch to all their systems by February 18, 2022. The vulnerability affects Windows 10 and 11, in addition to Windows Server 2019 and 2022, so FCEB agencies will need to update all systems running these editions of Windows. Everyone not under the jurisdiction of CISA’s order should update their systems too, as the vulnerability has a high severity rating of 7.8 in the National Vulnerability Database (NVD).

Microsoft released its patch for the vulnerability back in January as part of its Patch Tuesday updates. However, as we noted in our coverage last week, Windows Server admins may have been hesitant to apply the patch or may even have rolled back to the previous version after initially installing the update. The update originally included bugs that caused Windows domain controllers to boot loop, blocking Hyper-V initialization, disabling ReFS support, and breaking certain types of IPSEC connections. Microsoft has since released fixes for these bugs, and Windows Server admins should now go ahead with January’s update in order to apply the patch for the elevation of privileges vulnerability.