lifehacker.com Open in urlscan Pro
151.101.66.166  Public Scan

Form analysis
0 forms found in the DOM

Text Content

 * The A.V. Club
 * Deadspin
 * Gizmodo
 * Jalopnik
 * Jezebel
 * Kotaku
 * Lifehacker
 * The Root
 * The Takeout
 * 
 * The Onion
 * 
 * The Inventory

Do everything better

ShopSubscribe

HomeLatestFood & DrinkTechHealthMoneyHomeParentingWorkRelationshipsTravelLife in
General
Do everything better


 * Home
 * Latest
 * Food & Drink
 * Tech
 * Health
 * Money
 * Home
 * Parenting
 * Work
 * Relationships
 * Travel
 * Life in General

AboutLifehacker AdvisorLifehacker Store
Explore our other sites
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 

AdvertisingPrivacyJobsTerms of Use
 * 
 * 
 * 
 * 
 * 

© 2022 G/O Media

HomeLatestFood & DrinkTechHealthMoneyHomeParentingWorkRelationshipsTravelLife in
General





Advertisement


Security


YOU NEED TO UPDATE WINDOWS RIGHT NOW


THE LATEST WINDOWS PATCH FIXES 75 VULNERABILITIES, INCLUDING ONE EXPLOITED FLAW.

By
Jake Peterson

5/11/22 10:00AM

Comments (10)
Alerts



Photo: diy13 (Shutterstock)


Yesterday (May 10) was Microsoft’s “Patch Tuesday,” and it’s not one to be
ignored. The new system update patches 75 Windows security vulnerabilities,
including three zero-day flaws—one of which has been actively exploited, making
it imperative you safeguard your computer as soon as possible.






Microsoft defines a zero-day flaw as any vulnerability that is either made
public or exploited before there is a patch. If we go by that definition here,
two of these zero-day flaws were previously publicized, but haven’t been taken
advantage of (that we know of), since Microsoft confirmed the third has been
exploited.

RELATED STORIES

You Should Know How to Scan a QR Code From a Screenshot
How to Fix Slow Messaging on Your Pixel
How to Watch Google I/O 2022 (and What to Expect)

The exploited flaw, identified as CVE-2022-26925, is a Windows LSA spoofing
vulnerability. Below is Microsoft’s description of the issue:

> An unauthenticated attacker could call a method on the LSARPC interface and
> coerce the domain controller to authenticate to the attacker using NTLM. This
> security update detects anonymous connection attempts in LSARPC and disallows
> it.

Advertisement




Essentially, the flaw allows bad actors to hijack the authentication process:
Windows will think these users have properly authenticated themselves, and will
grant elevated permissions to them without merit. From here, these users could
take over a domain controller, giving them access to a dangerous level of access
to a Windows server.



Unlike the other 74 vulnerabilities identified here, including the two zero-day
flaws, this exploit is not theoretical: it could be exploited on any system that
doesn’t install the patch. However, now that the spotlight is on those other two
zero-day vulnerabilities, they could also turn into exploited flaws at any
moment. Those two flaws are identified as CVE-2022-22713, a denial of service
vulnerability, and CVE-2022-29972, a remote code execution vulnerability.


APPLE AIRPODS PRO

Sounds good
Active Noise Cancellation to help you stay immersed, feature other modes of
listening to suit your environment and adaptive EQ balancing.


Buy for $175 at Amazon


While 75 patches is a lot of fixes, it’s hardly record-breaking. The last time
we covered a Windows patch, Microsoft had fixed 128 vulnerabilities. That’s not
to undermine the importance of this update, however. To protect yourself against
these three security vulnerabilities, as well as the entire list of issues
Microsoft has patched, install the new update as soon as possible. There are
specific updates for various versions of Windows, including 7, 8.1, 10, 11, and
Windows Server.


HOW TO INSTALL THE LATEST WINDOWS PATCH ON YOUR PC

Windows will automatically update your PC when a security update is available,
but you don’t need to sit by and wait. To protect your system as quickly as
possible, you can trigger the update manually. Head to Settings > Windows Update
> Check for Updates.

Advertisement




[Bleeping Computer]

Subscribe to our newsletter!
Get our best hacks, tips and tricks delivered straight to your inbox every day.
Enter your emailSign Me Up
By subscribing you agree to our Terms of Use and Privacy Policy.

  


Advertisement







TechSecurity




Featured Videos
Video Player is loading.
Play Video
Pause
Unmute

Current Time 0:04
/
Duration 0:45
Loaded: 91.76%


0:04
Stream Type LIVE
Seek to live, currently playing liveLIVE
Remaining Time -0:41
 
Playback Rate

1x
Chapters
 * Chapters

Descriptions
 * descriptions off, selected

Captions
 * captions off, selected

 * Quality
 * 240p
 * 480p
 * 720p
 * 1080p
 * Auto, selected

Audio Track
 * default, selected

Fullscreen

This is a modal window.


Turn Crappy Rosé Into a Surprisingly Good Cocktail Syrup
How Much RAM Do You Really Need?
Friday 4:06PM
5 of Our Favorite Cult Classic Movies
Wednesday 1:30PM

You may also like
Gizmodo
Billionaires Sent to Space Weren't Expecting to Work So Hard on the ISS

Today 6:31AM
Deadspin
White fans were entertained by Black athletes a day after a racist killed Black
people in Buffalo — this is what white supremacy l...

Yesterday 1:17PM
Gizmodo
Elon Tells Twitter: Prove That Bots Aren't a Big Deal, or I Sink This Buyout

2 hours ago


Recommended from G/O Media
Space Force’s Mysterious Unit Logos, Ranked
5/5/2022, 8:35 PM

10 Surprising Ways to Use Windex Around Your Home
5/9/2022, 2:30 PM

8 On-Screen Food Fights We Want to Join
5/6/2022, 3:00 PM