Skip to main content
  1. Home
  2. Computing
  3. News

You definitely want to install these 90 Windows security patches

By
Windows 11 logo on a laptop.
Microsoft

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro’s Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Recommended Videos

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology Lan Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has caught the eye of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these Flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw found in the Print Spooler component (CVE-2024-38198, CVSS score:7.8) that gives attackers system privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Microsoft backs off on pressuring Windows 10 users to upgrade
Windows 11 and Windows 10 operating system logos are displayed on laptop screens.

Microsoft has announced that it will ease up the aggressive add tactic to get Windows 10 users to upgrade to Windows 11 after receiving negative backlash from users, as Windows Latest reports. There is no official word on whether stopping the full-screen multipage popups is permanent, but a plan to “share a new timeline in the coming months” was mentioned.

Windows 10 Home users saw these ads, but some Pro and Business users also saw them after rebooting their computers. Regardless of who saw them, the ads’ pause comes as the Windows 10 end-of-life date, October 14, 2025, approaches.

Read more
Windows 11 is losing in gaming performance
The Ryzen 9 9950X between someone's fingertips.

AMD’s newly launched Ryzen 9000 series desktop CPUs are finally available for purchase, and recent performance comparisons suggest that these CPUs perform better on Linux than Windows 11, particularly in gaming scenarios.

A detailed analysis done by PC Games Hardware has shown that when it comes to gaming, Linux outshines Windows 11 on Ryzen 9000 series CPUs. Tests using popular Linux distributions like Nobara, which are optimized for gaming, demonstrate higher frame rates and smoother gameplay compared to the same setups running Windows 11.

Read more
The next Windows 11 update may seriously slow down your SSD
Windows 11 logo on a laptop.

Microsoft may be rolling out a new feature as part of the latest Windows 11 update that will boost security but slow down SSD performance. We're talking about BitLocker, of course, a device encryption feature that will be turned on by default as part of the upcoming 24H2 update.

In the past, BitLocker encryption was available only on Windows Pro editions, but the new update lowers the eligibility criteria, extending encryption capabilities to a broader range of devices.

Read more