Skip to main content
  1. Home
  2. Computing
  3. News

You definitely want to install these 90 Windows security patches

By
Windows 11 logo on a laptop.
Microsoft

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro’s Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Recommended Videos

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology Lan Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has caught the eye of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these Flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw found in the Print Spooler component (CVE-2024-38198, CVSS score:7.8) that gives attackers system privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Microsoft won’t back down on Windows 11’s biggest hurdle
The Surface Pro 11 on a white table in front of a window.

Microsoft has reaffirmed that it will not lower the minimum hardware requirements for Windows 11, solidifying the need for a Trusted Platform Module (TPM) 2.0 and a compatible CPU. This decision leaves many older PCs ineligible for the upgrade. Microsoft emphasizes that these standards are vital for improved security and performance.

As per a recent blog post titled “TPM 2.0 – a necessity for a secure and future-proof Windows 11,” Microsoft reaffirmed its decision not to relax Windows 11’s strict hardware requirements. TPM 2.0 is a hardware-based security feature that protects sensitive data and ensures secure boot processes. Microsoft argues that such measures are nonnegotiable as the company continues to address rising cybersecurity threats. The minimum requirements include a list of approved CPUs, starting from AMD Ryzen 2000 and Intel 8th Gen processors, that offer advanced security features and better performance efficiency.

Read more
Windows 11 Recall finally arrives, but with one new problem
Recall screenshot.

The Windows 11 Recall feature has been troublesome since its announcement. Now that the feature is available in a testing capacity, it is still causing users some issues.

Tech reviewers testing the feature have observed that Recall will now fail to save the snapshots that allow the function to work. CNBC noted that it may take “several minutes” for a snapshot to save, which may leave delays in the AI processing. Tom Warren of The Verge, noted on Bluesky that snapshots were not saving at all in his experience.

Read more
Windows 11 remains the driver of growth in PCs, not AI
The Surface Laptop shown in front of a Copilot+ sign.

There's been a lot of talk about AI PCs this year, but has it actually delivered on its promise? A new analysis from TrendForce says the significant boost in laptop sales in 2024 has more to do with Windows 11 updates than it does with fancy new AI features.

"The impact of AI-integrated notebooks on the overall market remains limited for now," the report states. "However, AI features are expected to naturally integrate into notebook specifications as brands gradually incorporate them, resulting in a steady rise in the penetration rates of AI notebooks."

Read more