Update Your PC Now to Fix These Hotly Exploited Security Vulnerabilities

The Internet can be a fun place, but it can also be dangerous. After all, hackers are going to hack and you might just be in their crosshairs. One of the easiest things you can do to protect yourself is to keep your PC up to date with the latest security patches, and Microsoft released a new one yesterday.

As reported by Bleeping Computer , yesterday, May 9, Microsoft released its latest patch on Tuesday. With it, the company fixed 38 different issues in Windows, primarily including three zero-day vulnerabilities.

These vulnerabilities are especially troublesome. Zero-day vulnerabilities, as Microsoft defines them, are flaws that are either publicly disclosed or actively exploited without a patch. This means that these three flaws were, at best, known to people outside of Microsoft, or, at worst, they were actively used to attack Windows users. However, in this case, we know that two of these zero days were used in previous attacks. Another zero day has been made public.

One of the actively exploited zero days, identified as CVE-2023-29336, is a privilege escalation vulnerability in the Win32K kernel driver. This allows attackers to elevate privileges to SYSTEM, which is the highest privilege level possible on Windows. This will allow attackers to run tasks and actions on your system in ways that they would not be able to do with standard permissions.

Another actively exploited zero-day vulnerability, CVE-2023-24932, is a secure boot bypass vulnerability that allows attackers to install the BlackLotus UEFI bootkit . UEFI bootkits, such as BlackLotus, are a special type of malware that bypasses security software by being launched early in the Windows boot sequence. Microsoft has additional guidance on how to protect against this vulnerability here .

Both of these zero days are bad news, and as such, you should install this latest Patch Tuesday update as soon as possible. But there are also 36 other vulnerabilities that also make the update important. In order of quantity, this update contains fixes for:

• 12 remote code execution vulnerabilities
• 8 privilege escalation vulnerabilities
• 8 information disclosure vulnerabilities
• 5 denial of service vulnerabilities
• 4 security features bypass vulnerabilities
• 1 spoofing vulnerability

You can find the full list of vulnerabilities fixed in this update in this report from Microsoft .

How to install the latest Microsoft Patch Tuesday update on your computer

To install these 38 fixes on your computer, update the software as usual. If you’re using Windows 11, select Start > Settings > Windows Update . In Windows 10, select Start > Settings > Update & Security > Windows Update . Remember, even though Microsoft has stopped feature updates for Windows 10 , it still supports security updates for the older OS, at least for now.