Microsoft has urged customers to install security updates as soon as possible for three Windows TCP/IP flaws rated critical and high severity.
The warning was issued because of the elevated exploitation risk and possible denial-of-service (DoS) attacks that could soon target these bugs.
The three TCP/IP security flaws affect computers running Windows client and server versions starting with Windows 7.
Tracked as CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086, they are all remotely exploitable by unauthenticated attackers.
Two of them expose unpatched systems to remote code execution (RCE) attacks, while the third allows attackers to trigger a DoS condition, taking down the targeted device.
The Microsoft Security Response Center team said: “The DoS exploits for these CVEs would allow a remote attacker to cause a stop error. Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic.”
“The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are not likely in the short term.”
“We believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, we recommend customers move quickly to apply Windows security updates this month.”