Another month means another round of Patch Tuesday updates from Microsoft and this time, the software giant has fixed 79 different security flaws—including four zero-days that hackers are using in their attacks.
As reported by BleepingComputer, seven of these vulnerabilities are critical and can be exploited to achieve either remote code execution or elevation of privileges. The rest are rated important save one, which is rated moderate.
In total, there are 30 elevation of privilege flaws, 4 security feature bypass flaws, 23 remote code execution flaws, 11 information disclosure flaws, 8 denial of service flaws and 3 spoofing flaws. Fortunately, they’ve now all been patched by Microsoft.
Here’s everything you need to know about the four zero-day vulnerabilities hackers are using in their attacks, along with some steps on how you can keep your own Windows PC safe from cyberattacks.
Actively exploited zero-days
Of these four actively exploited zero-day flaws, one has already been publicly disclosed while we’re just learning about the rest of them.
The first zero-day (tracked as CVE-2024-38014) is a Windows Installer elevation of privilege vulnerability that can be exploited by hackers to gain system privileges on vulnerable PCs. While we know it was discovered by SEC Consult Vulnerability Lab, Microsoft has yet to share any details on how it’s being used in real-world attacks. Once the vulnerability was disclosed, though, SEC Consult went ahead and released an open-source tool that scans Windows PCs for installer files that could potentially be abused to elevate local privileges.
The next zero-day (tracked as CVE-2024-38217) is a Windows Mark of the Web security feature bypass vulnerability. It was publicly disclosed last month, though security researchers believe hackers have been using it in their attacks since 2018. This flaw allows an attacker to evade Mark of the Web (MOTW) defenses and, by using a specially crafted LNK file, bypass Microsoft’s Smart App Control security feature.
The third zero-day (tracked as CVE-2024-38226) is a Microsoft Publisher security feature bypass vulnerability. When exploited, it allows an attacker to bypass the security protections against embedded macros in documents downloaded from the web. This would let them get around Microsoft Office’s macro policies that are used to block untrusted or malicious files.
The final zero-day (tracked as CVE-2024-43491) is a Microsoft Windows Update remote code execution vulnerability. What makes this flaw particularly concerning is that it can be used to roll back some of Microsoft’s previous fixes for vulnerabilities in some versions of Windows 10. That makes this month’s Patch Tuesday updates a must for businesses running Windows 10 Enterprise and Windows 10 IoT Enterprise.
How to keep your PC safe from hackers
Just like with the best phones, the most important and easiest way to keep your Windows laptop or desktop safe from hackers is to install the latest updates as soon as they become available. Microsoft makes this fairly easy to remember to do too, as your PC will give you the option to install any new updates whenever you restart or shut it down.
From here, you should also consider using the best antivirus software to protect you from viruses and other malware. Windows Defender is a great, free option that ships with your PC, but paid antivirus software also comes bundled with useful extras like a VPN or a password manager.
At the same time, you want to make sure that you’re not downloading any files or attachments from suspicious websites or emails. The same goes for clicking on links in any emails you receive from unknown senders. One easy way to spot a scam email is that hackers often try to instill a sense of urgency by playing to your emotions to get you to either click on or respond to their phishing emails.
Patch Tuesday happens every month and if you have one of the best Windows laptops, you should plan to update your PC around the second week of each month. This may seem annoying, but dealing with these smaller, security-focused Windows updates is certainly better than becoming a victim of identity theft or having hackers take over your computer.