Skip to main content
  1. Home
  2. Computing
  3. News

You definitely want to install these 90 Windows security patches

By
Windows 11 logo on a laptop.
Microsoft

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro’s Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Recommended Videos

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology Lan Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has caught the eye of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these Flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw found in the Print Spooler component (CVE-2024-38198, CVSS score:7.8) that gives attackers system privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Microsoft confirms audio bug hitting multiple versions of Windows
Ifi Go Bar DAC/amp dongle for headphones.

Microsoft has confirmed that a recent bug that has been affecting several Windows OS versions will be addressed with a fix; however, users can tackle the issue with a manual stopgap.

The bug is affecting the audio systems of Windows 11 and Windows 10 versions that have installed the January 2025 security update, rendering sounds on PCs non-functional. The malfunction is especially likely to happen if you have an audio DAC (digital-to-analog converter) connected to your computer via USB.

Read more
Microsoft just added a secret file sharing feature to Windows 11
Drag Tray feature on Windows Insiders build.

Another secret feature has been spotted in one of the latest Windows 11 Insider preview builds. Discovered by X user phantomofearth and reported by Tom's Hardware, it appears that Microsoft is trying out a 'Drag Tray' for sharing files. When you pick up a file and drag it toward the top of the screen, a tray will drop down with different sharing options.

The feature was found in Build 22635.4805 but it's not included in Microsoft's release notes, which means there's no saying if or when it will make it to the general release of Windows 11. Anything that makes sharing files easier is a welcome feature, however, so fingers crossed that Microsoft gets it working well and decides to push it to everyone.

Read more
Microsoft’s Copilot app has a new icon, and it’s causing problems
Copilot on a laptop on a desk.

Bad news if you have a PC with a low resolution since Microsoft's new Copilot app icon is almost impossible to decipher on them, according to Windows Central. Microsoft's new logo now includes a bit of text embedded in the icon, which, depending on the resolution of your screen, might be impossible to read.

The poor design has not gone unnoticed online. Users can barely read the icon on their screens when they pin it to the Taskbar, and the lower pixel density makes it even harder to read the icon's text. If you have a Surface Laptop Go, which has a very low resolution display, there is a good chance you had no idea it said "M365." When you first saw it, you may have confused it with text such as MJEG, M366, or M355.

Read more