Skip to main content
  1. Home
  2. Computing
  3. News

You definitely want to install these 90 Windows security patches

By
Windows 11 logo on a laptop.
Microsoft

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro’s Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Recommended Videos

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology Lan Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has caught the eye of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these Flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw found in the Print Spooler component (CVE-2024-38198, CVSS score:7.8) that gives attackers system privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
You have one year to safely use Windows 10 before you’ll need to pay
Windows 11 logo on a laptop.

Microsoft will be allowing consumers to join its Extended Security Updates (ESU) program for the first time next year, and it announced the program pricing today in a blog post. The official end-of-service date for Windows 10 is October 14, 2025, but by paying $30 to join the ESU program, you can receive an extra year of security updates. This will allow you to continue safely using Windows 10 until around October 2026, a full two years from now.

By the time support for Windows 10 ends, it will be almost exactly four years since Windows 11 launched and a decade since Windows 10 launched. It takes a lot of work to keep an operating system secure and running smoothly, which is why a company like Microsoft can't just endlessly support every version of Windows it's ever shipped. It would end up costing a lot more money than it made -- and that's not how businesses function.

Read more
Microsoft is forced to halt the Windows 11 24H2 update on some PCs
The Surface Pro 11 on a white table in front of a window.

Microsoft’s recent Windows 11 24H2 update is off to a bumpy start. According to a report by Bleeping Computer, users are facing compatibility issues across various hardware and software configurations, prompting the company to temporarily block the update for some devices.

The affected systems include specific Asus laptop models and configurations involving software like Voicemeeter, Safe Exam Browser, and older versions of Easy Anti-Cheat, commonly used in gaming.

Read more
Windows 11 to let you use your phone as a webcam
Using an Android phone as a webcam.

The Windows 11 update 24H2 includes a new feature called Connected Camera that lets you turn your smartphone into a webcam. The folks at PCWorld have tested the feature out, and it looks pretty easy to use, though you do need to have an Android phone to use it.

Using your phone as a webcam -- either for your desktop or your laptop -- isn't new, but native support for it has been patchy. At first, people had to use third-party apps to do the job. Then Apple users got Continuity Camera, and a few years later Android 14 users got a similar feature, too.

Read more