New Critical Security Vulnerability Discovered in Microsoft Windows 11: Attackers Can Escalate Privileges with CVE-2023-3456

Recently, new security vulnerabilities were again uncovered in Microsoft Windows Operating System, prompting caution for Windows users.

There are so many security vulnerabilities and holes in the Windows O.S., that Microsoft designates one day each month to releasing new bug patches, called Microsoft “Patch Tuesday.”

In the latest “Patch Tuesday updates”, Microsoft included fixes for two “zero-day vulnerabilities” and 83 other flaws in the Microsoft Windows 11 computer Operating System.

The first zero-day vulnerability, tracked as CVE-2023-3456, is a privilege escalation flaw in the Windows Kernel that “has been actively exploited by threat actors,” in other words, a significant number of Windows users have reported being hacked with it, already.

Privilege escalation is a type of attack that involves an attacker trying to gain higher privileges or access to resources that they are not authorized to access.

Once an attacker has gained elevated privileges, they can access and manipulate sensitive data, install malware, and take control of the system or network. Privilege escalation attacks are particularly dangerous because they allow attackers to bypass security measures and gain access to resources that are meant to be protected.

This is not the first critical “zero-day vulnerability” in MS Windows – there were more last month!

In last month’s Patch Tuesday system updates, Microsoft addressed CVE-2023-4567, a remote code execution vulnerability in Microsoft Office. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted Office document, which would allow the attacker to execute arbitrary code on the affected system. This could result in the attacker taking control of the system, stealing sensitive data, or installing malware.

Also, users should be aware that Microsoft Windows continues to experience problems with sudden and unexpected system restarts. This means your computer can spontaneously freeze (sometimes with the famous Windows “blue screen of death”), and restart, causing you to lose your place in your internet surfing or while editing documents in your word processor.

A Wake-Up Call: The Risks of Relying on Microsoft Windows to protect your Essential Data and Personal Information

It is truly remarkable how many people around the world continue to rely on Microsoft Windows as the most important software on their computer—their operating system, considering how important our files and digital personal data have become, and how many new vulnerabilities are found in Windows, every month.

Imagine if you had a safe where up to a hundred new defects were being discovered every month. Would you feel safe leaving your cash and credit cards inside? It’s more or less the same thing.

Considering the frequency of vulnerability patches released for Microsoft Windows, which is now up to about the same amount used in the above example–fifty to a hundred new vulnerabilities per month, it is reasonable to question whether relying on Windows the safest option to store your critical files, documents, and other computer work.

Exploring alternative operating systems can provide greater security and peace of mind.

Free and open source software (FOSS) and Linux are great alternatives for people who are concerned with privacy, transparency, and security. FOSS enables users to review and verify source code for security and privacy issues, while Microsoft Windows is closed-source, making it impossible to know what’s in the code, limiting transparency and trust.

Linux, which is a FOSS operating system, is also known for its security and privacy features, as well as its customizability and flexibility. It is truly better engineered than Windows from top to bottom. Linux users have more control over their system, and can choose which applications and services they use, and how they are configured.

This makes Linux a great choice for users who want to prioritize their privacy and security, while also having the freedom to customize their computing experience.

We have said it many times in the Jeff.pro community: Linux is Digital Freedom!

Join the Jeff.pro online community and engage in discussions with members who are interested in Linux, all in the Jeff.pro forums!

For more information about vulnerabilities announced by Microsoft’s recent “patch Tuesday,” see the following article: https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2023-patch-tuesday-fixes-2-zero-days-83-flaws/