Microsoft has released security updates to fix at least 70 vulnerabilities in Windows and related products, five of which are zero-day flaws that are already being exploited.
Two of the zero-day flaws affect the Windows Common Log File System driver, which is a critical component used for logging services and is widely used by Windows system services and third-party applications.
The flaws allow attackers to elevate their privileges on a vulnerable device, giving them access to powerful Windows accounts and permissions, such as the ability to disable security tools or gain domain administration level permissions.
The other zero-day flaws also include elevation of privilege flaws in the afd.sys, the Windows Ancillary Function Driver, and the Desktop Window Manager (DWM) library for Windows.
Microsoft has also updated Windows 11 with a variety of new AI features, including the controversial Recall feature, which takes screenshots of what users are doing on enabled computers, although Microsoft has tried to prevent it from capturing sensitive information.