For Windows 11, version 21H2, Microsoft has released the KB5016629 patch. It raises the OS Build number to 22000.856. Microsoft fixes 121 security vulnerabilities for Windows and Office and Server products, some of which are known and are already being used for attacks. You should install the update!

Since some of the problems are already public knowledge and there are already active attacks exploiting the vulnerabilities, Windows users should visit Windows Update as soon as possible and install the latest patches.

Attack via support tool

The CVE-2022-34713 vulnerability is probably the most dangerous because it was not only publicly known in advance, but is also being exploited by attackers. The vulnerability is in the Windows Support Diagnostic Tool (MSDT), a tool designed to collect information about problems on the machine and transmit it to Microsoft.

The software is also often used for support requests and covers a wide spectrum, from audio and internet to storage and update problems. For the attack to work, users must run a modified .diagcab file used for Windows troubleshooting. Because of this user interaction, Microsoft only classifies the problem as important and not as a critical vulnerability.

An executable file is then added to the auto start, which then runs automatically the next time you reboot and can carry out any actions on the infected computer. For example, password theft, branching off of any files or recording of data traffic would be conceivable. According to Microsoft, all current Windows versions are affected. Users should therefore react and import the updates provided.