Update Windows to Protect Yourself From These Six Security Vulnerabilities

Patch Tuesday is here again: Microsoft releases a major security patch on the second Tuesday of every month, containing fixes for all vulnerabilities the company discovered since the previous month’s patch. While it’s always important to keep your computer up to date with the latest security patches, this Update Tuesday is especially important.

Microsoft has fixed a whopping 90 security flaws in this latest update. Of these, 10 are zero-day vulnerabilities, a type of security flaw that is discovered before the developer has a chance to patch it. Of those 10, six were actively exploited, meaning that at least some attackers were using these flaws to attack vulnerable systems. It’s only a matter of time before they figure out how to use the other four.

These are the 10 zero days specified in the update. The six actively exploited flaws are the first six listed:

  • CVE-2024-38106: Windows kernel elevation of privilege vulnerability.

  • CVE-2024-38107: Windows Power Dependency Coordinator elevation of privilege vulnerability.

  • CVE-2024-38189: Microsoft Project remote code execution vulnerability.

  • CVE-2024-38193: Windows Ancillary Function Driver for WinSock elevation of privilege vulnerability.

  • CVE-2024-38213: Windows Mark of the Web security feature bypass vulnerability.

  • CVE-2024-38178: Scripting engine memory corruption vulnerability.

  • CVE-2024-38200: Microsoft Office spoofing vulnerability.

  • CVE-2024-38199: Windows Line Printer Daemon (LPD) service remote code execution vulnerability.

  • CVE-2024-21302: Windows Secure Kernel Mode elevation of privilege vulnerability.

  • CVE-2024-38202: Windows Update stack elevation of privilege vulnerability.

Hackers can exploit such vulnerabilities in a variety of ways, depending on the type of vulnerability. According to The Hacker News, the actively exploited vulnerability CVE-2024-38213 allows attackers to bypass Microsoft Defender SmartScreen, which protects against malware and phishing schemes. All the victim needs to do is open a malicious file, which the attacker can send via email. Perhaps your “boss” needs you to open that important Excel document. When you do, it runs the scripts needed to exploit this vulnerability.

But even non-zero-day flaws pose risks: Now that Microsoft has documented 80 other security flaws fixed in this update, attackers could figure out how to exploit them and could target computers that haven’t yet been updated. Installing the update ensures that these vulnerabilities are fixed on your computer, so you don’t have to worry about leaving yourself open to future exploits—at least not for these known security flaws.

This patch applies to both Windows 10 and Windows 11. Even if you haven’t updated your PC to the latest version of Microsoft’s OS, you can and should install the latest security updates as soon as possible.

How to install the latest Windows security patch

Your computer may have installed this update automatically, but it may take some time. Here’s how to install it manually or check if it’s already installed:

If you’re using Windows 11, go to Start > Settings > Windows Update. If you’re using Windows 10, go to Start > Settings > Update & Security > Windows Update > Check for Updates. If an update is available, you can download and install it from here.
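
The same check can be run from PowerShell on Windows 10 or 11. This is an added example, not part of the original article: it computes the most recent Patch Tuesday (the second Tuesday of the month) and lists any updates installed on or after that date. `Get-PatchTuesday` and `Get-LatestPatchTuesday` are hypothetical helper names; `Get-HotFix` is a built-in cmdlet.

```powershell
# Added example: has this PC installed anything since the latest Patch Tuesday?

function Get-PatchTuesday {
    # Returns the second Tuesday of the month that contains $Month.
    param([datetime]$Month = (Get-Date))
    $first  = [datetime]::new($Month.Year, $Month.Month, 1)
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

function Get-LatestPatchTuesday {
    # If this month's Patch Tuesday has not happened yet, use last month's.
    param([datetime]$Now = (Get-Date))
    $thisMonth = Get-PatchTuesday -Month $Now
    if ($Now.Date -ge $thisMonth) { return $thisMonth }
    return Get-PatchTuesday -Month ($Now.AddMonths(-1))
}

$patchTuesday = Get-LatestPatchTuesday
$stamp        = $patchTuesday.ToString('yyyy-MM-dd')

# InstalledOn is empty on some entries, so skip those before comparing dates.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn.Date -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    "Updates installed on or after Patch Tuesday ($stamp):"
    $recent | Format-Table HotFixID, Description, InstalledOn -AutoSize
} else {
    "No update installed since Patch Tuesday ($stamp). Run Windows Update."
}
```

A match only shows that some update was installed since that date. To confirm it is the monthly security update, compare the listed HotFixID with the KB number in Microsoft’s release notes for your Windows version.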
