You definitely want to install these 90 Windows security patches

In a blog post yesterday, Microsoft said it has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, highlighting the need to keep your Windows computer updated.

Nine of the flaws are rated Critical, 80 are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month. Users will be happy to know that the patches cover six actively exploited zero-days, including CVE-2024-38213, which lets attackers bypass SmartScreen protections but requires the user to open a malicious file. Trend Micro’s Peter Girnus, who discovered and reported the flaw, suggested it could be a workaround for CVE-2023-36025 or CVE-2024-21412, which DarkGate malware operators misused.

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology LAN Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these flaws to the Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also takes care of a privilege escalation flaw found in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8) that gives attackers SYSTEM privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability
Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.