The title of this news post might seem a bit loaded to some readers, but it is as alarming as it is true in every respect. However, there is still a silver lining to this development, which is that leading tech companies are doing their bit by being transparent and proactive.
Had these vulnerabilities been “pushed under the carpet”, it would have been far more damaging for the mostly unsuspecting users, both individuals and enterprises. This latest patch was released by Microsoft on Tuesday, May 10th, 2022.
This large “package” of security patches also includes the fix for a zero-day bug. For context, zero-day bugs are serious security vulnerabilities of which even the developer or vendor of the software remains unaware, up to a certain point in time.
No security risk or vulnerability should be played down, but it is industry practice to rate the issues identified in a piece of software or an application by their severity and by the impact they could have if exploited by a threat actor.
Out of the total 74 vulnerabilities that this latest patch fixes, 7 were rated critical. A whopping 66 of the total 74 vulnerabilities fell into the important category, meaning that these were also not to be taken lightly in any way.
Just 1 of the total 74 patched vulnerabilities was rated as low in terms of severity. Without going into too much technical detail, the vulnerabilities range across remote code execution, elevation of privilege, information disclosure and denial of service.
Among these 74 vulnerabilities, 2 were reportedly publicly known. Another very interesting element is that out of the total 74 vulnerabilities, 30 were reported by a single cyber security company called Cyber-Kunlun.
In addition to the release of this major patch by Microsoft, other leading global software and application vendors have released their patches too, as a lot of their services are directly or indirectly related to Microsoft’s product line.
The release of this patch signifies two very important things. Firstly, companies will need to be much more transparent and proactive when it comes to security vulnerabilities. Secondly, end users should waste no time in getting their systems patched quickly.