Microsoft has issued a critical security update addressing CVE-2023-5764, a vulnerability affecting multiple Windows versions. Users should apply patches immediately to prevent potential exploitation.
Microsoft has released a critical security update to address CVE-2023-5764, a vulnerability that could allow attackers to execute arbitrary code on affected systems. The vulnerability affects multiple versions of Windows operating systems and has been assigned a CVSS score of 8.1 (High severity).
The flaw is in the Windows kernel component and can be exploited when a local attacker runs a specially crafted application. Microsoft reports that exploitation could lead to complete system compromise, allowing attackers to install programs, view, change, or delete data, or create new accounts with full user rights.
Affected Products and Versions
- Windows 10 Version 1809 and later
- Windows Server 2019 and later
- Windows 11 (all versions)
- Windows Server 2022
Mitigation Steps
- Enable automatic updates or manually check for updates through Windows Update
- Install the security update released on October 10, 2023
- Verify installation by checking the installed KB number: KB5030219
- Restart systems after installation to complete the patching process
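One way to script the verification and restart steps above across several hosts, as an added example that is not part of the original advisory. The host list parameter, the status names, and the date heuristic for later updates are assumptions of this sketch; the KB number and release date are the ones stated above.

```powershell
# Added example. KB id and release date are the values given in the advisory.
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),   # assumption: hosts you administer
    [string]$KbId = 'KB5030219',
    [datetime]$ReleaseDate = '2023-10-10'
)

$results = foreach ($computer in $ComputerName) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering, which lists OS updates.
        $hotfixes = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)

        # Query the local host directly so WinRM is only needed for remote hosts.
        $cim = @{ ClassName = 'Win32_OperatingSystem'; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
        $boot = (Get-CimInstance @cim).LastBootUpTime
    } catch {
        [pscustomobject]@{ Computer = $computer; Status = 'QueryFailed'
                           KbInstalledOn = $null; LastBoot = $null
                           Detail = $_.Exception.Message }
        continue
    }

    $kb = $hotfixes | Where-Object { $_.HotFixID -eq $KbId } | Select-Object -First 1

    # Heuristic (assumption): an update installed on or after the release date
    # may be a later cumulative update that replaced the KB; confirm by hand.
    $later = @($hotfixes | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $ReleaseDate })

    $status = if ($kb) {
        # InstalledOn has day granularity, so a same-day boot is only a hint.
        if ($kb.InstalledOn -and $boot -ge $kb.InstalledOn) { 'Installed' } else { 'InstalledRestartUnconfirmed' }
    } elseif ($later.Count -gt 0) { 'LaterUpdateReviewManually' } else { 'Missing' }

    [pscustomobject]@{ Computer = $computer; Status = $status
                       KbInstalledOn = $kb.InstalledOn; LastBoot = $boot
                       Detail = "$($later.Count) update(s) installed on or after $($ReleaseDate.ToString('yyyy-MM-dd'))" }
}

$results | Sort-Object Status, Computer
```

A `LaterUpdateReviewManually` result means the KB is not listed but a newer update is, which is expected once a later cumulative update has replaced it.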
Timeline
- Vulnerability discovered: September 2023
- Patch development completed: October 2023
- Security update released: October 10, 2023
- Automatic deployment began: October 11, 2023
Microsoft recommends that all affected users apply this security update as soon as possible. Organizations with managed systems should prioritize deployment through their standard patch management processes. The company has not observed any active exploitation of this vulnerability in the wild, but given the severity, immediate action is advised.
For additional technical details about the vulnerability and patch deployment, visit the Microsoft Security Update Guide.