This month Microsoft released patches for multiple serious vulnerabilities in the Windows TCP/IP network stack (including CVE-2021-24074, CVE-2021-24094)[1,2]. These vulnerabilities can allow for remote code execution. Additionally, Microsoft appears to have released patches for Windows 7 and Windows Server 2008 which are officially no longer supported.
- Windows servers managed by the Windows Team will be patched by that team.
- Berkeley Desktop systems running Windows 8.1 and above will automatically be updated and prompt users for a reboot.
- Systems using BigFix for patch management on Windows 8.1 and above are being patched automatically and the patch will be implimented over the next couple of days.
Microsoft Windows 7 and above
Microsoft Windows Server 2008 and above
If you can patch the vulnerability, please do so.
If you are running Windows 7 or Windows Server 2008 confirm that the proper patches are downloaded and applied. [3,4]
If prompted for a reboot because of patches, please do so at the earliest opportune time.
If immediate patching is not an option see the Workarounds for each of these issues. [5,6]
Notify firstname.lastname@example.org if you anticipate any delays.