Critical Windows Zero-day updates.
Microsoft has released several numbers of windows updates this month, but this zero-day was not included within the rolling update release. CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086 have been released this Tuesday, and they address the above CVE which are aimed at TCP/IP stack, which allows the operating system to connect to the internet.
First, two bugs (CVE-2021-24074, CVE-2021-24094) apply fixes for remote code execution vulnerabilities that could allow attackers to take over Windows systems remotely.
The third bug (CVE-2021-24086) could be used to crash Windows devices.
"The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely [to be exploited] in the short term,"
"It is essential that customers apply Windows updates to address these vulnerabilities as soon as possible," Microsoft said.
This update has been released to Windows 10 and Server.