
You definitely want to install these 90 Windows security patches


Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, announcing them in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC’s system, which underscores the need to keep your Windows computer updated.


Nine of the flaws are rated Critical, 80 are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month. The patches cover six actively exploited zero-days, including CVE-2024-38213. This flaw lets attackers bypass SmartScreen protections but requires the user to open a malicious file. Trend Micro’s Peter Girnus, who discovered and reported the flaw, suggested it could be a bypass for CVE-2023-36025 or CVE-2024-21412, which DarkGate malware operators misused.

“An attacker could leverage this vulnerability by enticing a victim to access a specially crafted file, likely via a phishing email,” Scott Caveza, staff research engineer at Tenable, said about CVE-2024-38200. He said, “Successful exploitation of the vulnerability could result in the victim exposing New Technology LAN Manager (NTLM) hashes to a remote attacker. NTLM hashes could be abused in NTLM relay or pass-the-hash attacks to further an attacker’s foothold into an organization.”

The development has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add these flaws to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies have until September 3, 2024, to apply these fixes. The update also addresses a privilege escalation flaw in the Print Spooler component (CVE-2024-38198, CVSS score: 7.8) that gives attackers SYSTEM privileges.

  • CVE-2024-38189 (CVSS score: 8.8) — Microsoft Project Remote Code Execution Vulnerability
  • CVE-2024-38178 (CVSS score: 7.5) — Windows Scripting Engine Memory Corruption Vulnerability
  • CVE-2024-38193 (CVSS score: 7.8) — Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2024-38106 (CVSS score: 7.0) — Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-38107 (CVSS score: 7.8) — Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
  • CVE-2024-38213 (CVSS score: 6.5) — Windows Mark of the Web Security Feature Bypass Vulnerability
  • CVE-2024-38200 (CVSS score: 7.5) — Microsoft Office Spoofing Vulnerability
  • CVE-2024-38199 (CVSS score: 9.8) — Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
  • CVE-2024-21302 (CVSS score: 6.7) — Windows Secure Kernel Mode Elevation of Privilege Vulnerability
  • CVE-2024-38202 (CVSS score: 7.3) — Windows Update Stack Elevation of Privilege Vulnerability
Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.