Early this month a botched security patch left every version of Windows exposed to a zero-day hack. Now millions of Windows users need to be on high alert once more, because it has happened again.  

A new zero-day hack affects all Windows users after Microsoft botched the fix

SOPA IMAGES/LIGHTROCKET VIA GETTY IMAGESMORE FROM FORBESAll Windows Versions Impacted By New Zero-Day Hack, 0patch Buys TimeBy Gordon Kelly

The new vulnerability, which is already being exploited by hackers, was publicly disclosed by security researcher Abdelhamid Naceri. The vulnerability bypasses a previous flaw (CVE-2021-41379), which Microsoft believed it had successfully patched in November, and enables a hacker to elevate privileges allowing them to take over a computer and spread their attacks across the victim’s network. Moreover, the new hack applies to all the latest versions of Windows, including Windows 11, Windows 10 and Windows Server 2022. 

"Talos has already detected malware samples in the wild that are attempting to take advantage of this vulnerability," confirmed Jaeson Schultz, Technical Leader of Cisco's Talos Security Intelligence & Research Group. “This is just more evidence on how quickly adversaries work to weaponize a publicly available exploit."

Microsoft has confirmed the new flaw, telling BleepingComputer: “We are aware of the disclosure and will do what is necessary to keep our customers safe and protected.”