Skip to Content
Microsoft Patch Tuesday
© Vladyslav Yushynov | Dreamstime.com
Technology

Update your Windows PC now to patch 2 zero-days, 119 other flaws

It’s been six months since Microsoft began rolling out Windows 11, and as usual, it’s been a work in progress. This is normal for a new operating system as developers work out the bugs and release updates.

One of the most significant changes with Windows 11 is the new Apple-like interface. The taskbar was also overhauled to make it easier to find your most-used apps. More changes coming to the new OS include automatic framing, background blur and background noise suppression. Tap or click here for details.

There’s a trend for tech companies to gather updates and release them on the second Tuesday of every month. This is known as Patch Tuesday. Microsoft released an update this week to patch some critical flaws. Read on for more details and how to get the update.

The latest updates

Microsoft’s Patch Tuesday for April 2022 addresses more than 100 flaws and two-zero day vulnerabilities. A number of these were labeled as critical. The number of fixes is higher than in March, which included 71 vulnerability fixes.

The bugs fell under various categories, including Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Denial of Service, Spoofing and Information Disclosure.

Among the products and services affected by the bugs were Skype for Business, Visual Studio, Windows App Store, Windows Defender, Microsoft Office Excel, Windows File Explorer, Windows Media, Windows Upgrade Assistant, Microsoft Edge (Chromium-based) and more.

Zero-day fixes

Microsoft describes a zero-day vulnerability as “a flaw in software for which no official patch or security update has been released.” Two of these flaws were fixed with the latest update:

  • CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. According to its Exploitability Index, Microsoft is aware of this vulnerability being exploited. Treat this as the highest priority.
  • CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability. This vulnerability has not been used in any attacks, though Microsoft is aware that past instances of this type of vulnerability were exploited. Treat this one as a high priority.

Critical fixes

Among the fixes that fell under the critical category were:

  • CVE-2022-24541 – Windows Server Service Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be difficult for the attacker. The priority here is on the lower side.
  • CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks, though Microsoft is aware that past instances of this type of vulnerability were exploited. Treat this one as a high priority.

Update your Windows PC now

Updating Windows gets you the latest fixes and security improvements, helping your PC run more efficiently while keeping up its defenses.

To update Windows 10:

  • Go to Start > Settings Update & Security > Windows Update. Then select Check for updates. If an update is available, select Download and install now.

To update Windows 11:

  • Go to  Start Settings > Windows Update Check for updates. If an update is available, select Download and install now.

Keep reading

Here’s why you shouldn’t wait for your iPhone to update on its own

6 ways to simplify using Windows 11

Komando Community background

Join the Komando Community

Get even more know-how in the Komando Community! Here, you can enjoy The Kim Komando Show on your schedule, read Kim's eBooks for free, ask your tech questions in the Forum — and so much more.

Try it for 30 days