You definitely want to install these 90 Windows security patches

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, the company said in a blog post yesterday. These flaws allow attackers to bypass security features and gain unauthorized access to your PC, which is why keeping your Windows computer updated matters.

Nine of the flaws are rated Critical, 80 are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month. Users will be happy to know that the patches cover six actively exploited zero-days, including CVE-2024-38213, which lets attackers bypass SmartScreen protections but requires the user to open a malicious file. Trend Micro’s Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412, which DarkGate malware operators misused.

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology LAN Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8) that gives attackers SYSTEM privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability
Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.