It’s critical that you keep your apps and operating systems updated with the most recent releases. These updates are developed to fix known security flaws and add cool new features. Tap or click here to update your PC the right way.
But the last few months haven’t been great for Microsoft. Several patches have been released to fix multiple Windows operating system issues, and some were even delayed to correct others.
As is customary, Microsoft rolled out a slew of updates for its monthly Patch Tuesday release. In the latest batch, it fixes several issues that hackers could exploit. Keep reading to find out what’s in this latest update.
Here’s the backstory
The latest Patch Tuesday release from Microsoft is full of fixes. This update patches 108 vulnerabilities, 19 of which are classified as “critical” and 89 “important.” There are a total of five zero-day threats patched with this release.
Through the Win32k Elevation of Privilege Vulnerability, hackers can access your computer and take full control of it. It has been labeled as “important” though and not “critical” as user involvement is needed for the exploit to work.
A hacker would need direct access to the victim’s computer or trick the user into initiating the bug. This can be done through malware that gets installed on the computer.
Boris Larin of Kaspersky Labs claims the exploit has been used by a hacker group called BITTER APT.
“We believe this exploit is used in the wild, potentially by several threat actors. It is an escalation of privilege (EoP) exploit that is likely used together with other browser exploits to escape sandboxes or get system privileges for further access,” Larin wrote in a blog post.
The other flaws, like the Windows NTFS Denial of Service Vulnerability, haven’t been actively exploited. But Microsoft did note that they have been publicly disclosed — meaning other parties are aware of them.
What can you do about it?
You should always update your operating system to the latest version and install updates or patches as soon as possible.
Here’s how to make sure your Windows PC is update:
Click the Start Menu and open Settings, click Update & Security, then click Windows Update. From there, you’ll be able to see if updates are available for download. If not, click Check for Updates to force the process.
Manual downloads of all the patches can be found on Microsoft’s Customer Guidance and Security Update Guide.
Update your browser
Unrelated to Microsoft’s updates, Google has also released two patches for its Chrome desktop browser. While not going into many details, both exploits have been labeled as “High” in severity and have actively been exploited by hackers.
Here is how to update your Chrome browser:
- Open the Chrome browser and click on the More icon in the upper-right, which looks like three dots.
- Hover your cursor over Help and click About Google Chrome.
- Chrome will automatically update from this screen if needed. After Chrome updates, click Relaunch.