Microsoft released its monthly patches this week to fix 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe. One of the vulnerabilities (CVE-2022-24521 Windows Common Log File System Driver Elevations of Privilege) is being actively exploited by APT groups according to the National Security Agency, so addressing this flaw is a priority for organizations.

According to Microsoft, “Microsoft is aware of an instance of this vulnerability being exploited. As such, customers who have reviewed the security update and determined its applicability with their environment should treat this with the highest priority.”

It is challenging to address hundreds of patches released by manufacturers. Follow the guidance provided by Microsoft and other manufacturers and prioritize those flaws that are known to be actively exploited.