It’s been six months since Microsoft began rolling out Windows 11, and as usual, it’s been a work in progress. This is normal for a new operating system as developers work out the bugs and release updates.
One of the most significant changes with Windows 11 is the new Apple-like interface. The taskbar was also overhauled to make it easier to find your most-used apps. More changes coming to the new OS include automatic framing, background blur and background noise suppression. Tap or click here for details.
There’s a trend for tech companies to gather updates and release them on the second Tuesday of every month. This is known as Patch Tuesday. Microsoft released an update this week to patch some critical flaws. Read on for more details and how to get the update.
The latest updates
Microsoft’s Patch Tuesday for April 2022 addresses more than 100 flaws and two-zero day vulnerabilities. A number of these were labeled as critical. The number of fixes is higher than in March, which included 71 vulnerability fixes.
The bugs fell under various categories, including Remote Code Execution, Elevation of Privilege, Security Feature Bypass, Denial of Service, Spoofing and Information Disclosure.
Among the products and services affected by the bugs were Skype for Business, Visual Studio, Windows App Store, Windows Defender, Microsoft Office Excel, Windows File Explorer, Windows Media, Windows Upgrade Assistant, Microsoft Edge (Chromium-based) and more.
Microsoft describes a zero-day vulnerability as “a flaw in software for which no official patch or security update has been released.” Two of these flaws were fixed with the latest update:
- CVE-2022-24521 – Windows Common Log File System Driver Elevation of Privilege Vulnerability. According to its Exploitability Index, Microsoft is aware of this vulnerability being exploited. Treat this as the highest priority.
- CVE-2022-26904 – Windows User Profile Service Elevation of Privilege Vulnerability. This vulnerability has not been used in any attacks, though Microsoft is aware that past instances of this type of vulnerability were exploited. Treat this one as a high priority.
Among the fixes that fell under the critical category were:
- CVE-2022-24541 – Windows Server Service Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks. Microsoft notes that while exploit code could be created, it would be difficult for the attacker. The priority here is on the lower side.
- CVE-2022-24491 – Windows Network File System Remote Code Execution Vulnerability. This vulnerability has not been used in any attacks, though Microsoft is aware that past instances of this type of vulnerability were exploited. Treat this one as a high priority.
Update your Windows PC now
Updating Windows gets you the latest fixes and security improvements, helping your PC run more efficiently while keeping up its defenses.
To update Windows 10:
- Go to Start > Settings > Update & Security > Windows Update. Then select Check for updates. If an update is available, select Download and install now.
To update Windows 11:
- Go to Start > Settings > Windows Update > Check for updates. If an update is available, select Download and install now.