Rascals are always sociable, and the chief sign that a man has any nobility in his character is the little pleasure he takes in others company. Arthur Schopenhauer

In a traditional patch Tuesday update, Microsoft fixed a total of 128 vulnerabilities in various products and components. Of those, at least 10 are critical, at least two were known before the release of the patches and at least one of them was already actively exploited by unknown attackers. This is why it is a good idea update the operating system and other products as soon as possible.

According to the information available at this moment, CVE-2022-24521 seems to be the most dangerous of the bunch. It is a vulnerability in the Windows Common Log File System (CLFS) driver and is associated with privilege elevation. Despite a not-so-impressive CVSS:3.1 rating (7.8), it’s fairly easy to exploit. Which, in fact, some unknown attackers are already doing. Microsoft patches 128 vulnerabilities in a list of products, including Windows and its components.