The first major updates of the year from software developers pack a bit of a punch. Microsoft released a swath of vulnerability fixes in what has become known as Patch Tuesday. Tap or click here to find out why you are seeing more ads on Microsoft Edge.
Close to 100 flaws are being addressed in the latest round, and it also fixes six zero-day exploits. Those are the most severe, as hackers and cybercriminals are already aware of the flaws and could be used in cyber attacks.
Read on to find out what’s being patched and how to get this critical update.
Here’s the backstory
If you need further proof of why you need to update your computer regularly, look no further than the first Patch Tuesday of 2022. The update, which is currently being made available to Windows users globally, fixes 96 vulnerabilities.
The majority of the operating system corrections prevent remote code execution (RCE) exploits, hackers that try to escalate privileges, several spoofing problems, and cross-site scripting (XSS) vulnerabilities.
Windows users that have popular programs like Microsoft Exchange Server, Microsoft Office, or Microsoft Teams installed are particularly susceptible to the flaws this update fixes. Other patches address internal components like Windows Certificate, Windows Defender, and Microsoft’s Cryptographic Services.
The six zero-day exploits, while dangerous, have thankfully not yet been used by hackers. The Zero Day Initiative (ZDI) said in a blog post this amount of fixes in January is rather unusual.
“Over the last few years, the average number of patches released in January is about half this volume. We’ll see if this volume continues throughout the year. It’s certainly a change from the smaller releases that ended 2021,” ZDI said.
Two zero-days target Windows’ server capabilities, where a hacker can execute malicious code to gain entry into a network. Most Windows users won’t have to deal with server problems, but another zero-day exploit targets Microsoft Office.
Usually, when you open an infected text file, you’ll receive a warning. This Remote Code Execution exploit side-steps the warning and is never triggered.
What you can do about it
It is always good practice to update your computer or any device to the latest software or firmware version. Doing so will give you an edge over attackers as you plug any loopholes that could be exploited.
To update your Windows PC, follow the steps below:
- Tap the Windows button
- Click on Settings
- Select Update & Security
- By default, the Windows Update page will be displayed
- If an update is available, click the Install Now button
Adobe also released several patches. The five separate updates address flaws in Acrobat and Reader, Illustrator, Adobe Bridge, InCopy, and InDesign. A total of 41 vulnerabilities were fixed, with the bulk attributed to Acrobat and Reader.