Windows 7 is getting a patch to fix a bug that can crash your computer. But even Windows 7 is getting a patch, because Microsoft says it’s “not safe to use” the software without one. The bug is called “Win32k Null pointer dereference,” and it’s caused by a mistake in the way that Windows 7 handles pointers. If you have an application that uses pointers, and then the pointer gets corrupted, your computer can crash. Microsoft has already released a patch for Windows 7, and it’s available now. But even if you don’t have the patch yet, Microsoft says you should install it anyway because “it is not safe to use” Windows 7 without it.


The newest security update by Microsoft affects every recent version of Windows. It’s currently rolling out to Windows 11, 10, and 8/8.1, as well as all Windows Server versions going back to Windows Server 2008. It’s also rolling out to Windows 7, even though security updates were supposed to end on January 14, 2020.

The vulnerability in question is identified as CVE-2022-37969, and it’s a bug that allows for elevation of privilege in the Windows Common Log File System Driver, which an attacker can exploit to obtain system-level privileges on a vulnerable device. The attacker would need access to a compromised machine and the ability to run code on it, so this vulnerability could be exploited through something like a virus or an otherwise malicious file.

Microsoft gave credit to four different teams of researchers from CrowdStrike, DBAPPSecurity, Mandiant, and Zscaler for reporting the issue, perhaps signaling that this vulnerability was already being exploited in the wild — something that could also explain the urgency towards fixing the issue on even deprecated, unsupported operating systems like Windows 7.

The security patch is rolling out to PCs now, so make sure to update your PC as soon as you get a chance.

Source: TechCrunch