Microsoft has addressed 128 security flaws, 10 of which are critical, as part of this month's Patch Tuesday, Threatpost reports.
"This large volume of patches hasn’t been seen since the fall of 2020. However, this level is similar to what we saw in the first quarter of last year," said Trend Micro Zero Day Initiative researcher Dustin Childs. Among the patched vulnerabilities, threat actors have already exploited the privilege escalation
flaw, tracked as CVE-2022-24521, which was identified and reported by the National Security Agency.
While the impact of the exploitation is yet to be determined, Childs urged for immediate patching, a sentiment shared by Immersive Labs Director of Cyber Threat Research Kevin Breen.
"Being the type of vulnerability for escalating privileges, this would indicate a threat actor is currently using it to aid lateral movement to capitalize on a pre-existing foothold," Breen said. Meanwhile, Virsec Principal Architect Danny Kim said that the most concerning critical flaw, tracked as CVE-2022-26809, could enable code execution with high privileges.