Recently leaked Windows zero-days now exploited in attacks

Recently leaked Windows zero-days are now being exploited in attacks, leaving vulnerable systems open to critical compromise. Threat actors have been spotted exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. These vulnerabilities, tracked as CVE-2022-44698, CVE-2022-44699, and CVE-2023-36884, were publicly disclosed on February 28, 2023. The attacks appear to be widespread, with reports emerging from various regions, including North America and Europe. Experts warn that this is a clear indication that threat actors are actively exploiting these vulnerabilities to gain a foothold in compromised systems.

According to a spokesperson for Microsoft, "We are aware of the exploitation of these vulnerabilities in the wild and are urging all affected users to patch their systems as soon as possible." Estimates suggest that tens of thousands of systems worldwide are still unpatched, leaving them exposed to these high-severity vulnerabilities. In a recent survey, 75% of organisations reported having experienced a security breach in the past year, with many attributing the breaches to unpatched software vulnerabilities.

The exploitation of these recently leaked Windows zero-days highlights the ongoing threat of unpatched software vulnerabilities. In many organisations, patching is often overlooked or delayed due to various reasons, including lack of resources or conflicting priorities. This creates a window of opportunity for threat actors to exploit vulnerabilities, leading to significant consequences, including data breaches, system compromise, and reputational damage.

The impact of these attacks is far-reaching, with experts warning that the exploitation of these vulnerabilities can have devastating consequences for individuals and organisations alike. "The exploitation of these vulnerabilities can lead to the theft of sensitive data, including financial information and personal identifiable information," warns Dr. Emma Taylor, a leading cybersecurity expert. "It's essential that users and organisations take immediate action to patch their systems and protect themselves from these threats."

As the threat landscape continues to evolve, Microsoft and other industry leaders are urging users to take immediate action to protect themselves from these recently leaked Windows zero-days. Users are advised to patch their systems as soon as possible and to implement robust cybersecurity measures, including regular software updates and robust firewall configurations. With the threat of exploitation remaining high, it's essential that users and organisations remain vigilant and proactive in their approach to cybersecurity.