Update Your Windows PC As Soon As Possible
Your computer needs another update. Microsoft just released the Windows April 2024 patch , which contains fixes for a whopping 149 bugs. While it is important to patch all of these vulnerabilities as soon as possible, this update is especially important because two of the 149 vulnerabilities are zero-day vulnerabilities.
Zero-day vulnerabilities are security holes whose exploitation is widely known. This means that at least someone, somewhere, not only knows about the vulnerability, but has also taken advantage of it against others. This April 2024 update patches two such zero-day attacks, meaning your PC is especially vulnerable to these exploits until you install the patch.
The first zero-day vulnerability, tracked as CVE-2024-26234 , is a proxy driver spoofing vulnerability. Microsoft has not disclosed any further information about the vulnerability, but cybersecurity firm Sophos says it has discovered a malicious executable file (Catalog.exe) signed by Microsoft Windows Hardware Compatibility Publisher. This executable file is associated with Hainan YouHu Technology Co. publishing house. Ltd, which also publishes LaiXi Android Screen Mirroring, used to manage batches of smartphones for mass social media marketing activities.
The malicious file is embedded in an authentication program that now contains an effective backdoor to control network traffic on the victim’s system. Sophos says there is no evidence that LaiXi intended to inject the malware into its program, nor is there evidence that the attackers injected it themselves, so it is unclear how this happened.
The second zero-day vulnerability, tracked as CVE-2024-26234 , is a SmartScreen Fast Protection feature bypass vulnerability that allows attackers to bypass your computer’s Microsoft Defender Smartscreen systems. Attackers can send a malicious file via email or another messaging platform, and they will have to trick victims into opening the malicious file using a launcher that bypasses the system user interface.
Both of these zero days are reasons to patch immediately, but there are many other vulnerabilities fixed that make this update important. One flaw allows attackers to steal credentials from a system via a confidential Microsoft Azure Kubernetes service container. While Microsoft is not aware of this vulnerability being actively used in real life, you shouldn’t leave yourself vulnerable in case someone figures out how to exploit it.
How to install the April 2024 patch on your computer
To install this patch on your computer, select Start > Settings > Windows Update (Windows 11) or Start > Settings > Update & Security > Windows Update (Windows 10) , then click Check for Updates . As soon as you see the update, install it.