Microsoft just patched a ton of Windows security flaws including two dangerous zero-days — update your PC right now


Microsoft has released its latest Patch Tuesday updates and you’re going to want to install them ASAP as they contain fixes for 61 security flaws including two zero-days hackers are exploiting in the wild.

As The Hacker News reports, of these 61 security flaws, one has been given a critical severity rating, 59 are rated as important and one has a moderate rating. If you want to take a closer look at each of these flaws, Microsoft's May 2024 Security Updates guide has more details, including their Common Vulnerabilities and Exposures (CVE) numbers, their severity ratings and whether they are currently being exploited or could be in the future.

If you’re using one of the best Windows laptops or a desktop computer running Windows, it’s highly recommended that you install these new security updates now to avoid falling victim to any attacks leveraging them in the wild. 

Here’s what you need to know about the two zero-days that were fixed with this round of Patch Tuesday updates along with tips on how to keep your Windows PC safe from hackers.

Weaponized zero-days


While most of these flaws are less likely to be exploited by hackers in their attacks, Microsoft, along with several cybersecurity firms, has observed that two of them have already been weaponized.

The first is a Windows MSHTML platform security feature bypass vulnerability (tracked as CVE-2024-30040) with a CVSS score of 8.8 (out of 10) while the other is a Windows Desktop Window Manager Core Library elevation of privilege vulnerability (tracked as CVE-2024-30051) with a CVSS score of 7.8.

In an advisory, Microsoft explained that the first zero-day could be used by hackers to execute code on a vulnerable Windows PC by convincing a victim to open a malicious document. This malicious document would likely be included in a phishing email or sent as a message. Surprisingly, a victim wouldn’t even need to click on or open it for the malware to activate and infect their system.

The second zero-day Microsoft fixed in this round of Patch Tuesday updates could allow an attacker to gain system privileges. There’s a high chance that this flaw is being widely used by hackers in their attacks as it was discovered by researchers from Kaspersky, DBAPPSecurity WeBIN Lab and Google’s Threat Analysis Group at the same time.

Kaspersky’s security researchers explained in a blog post that they’ve seen this zero-day used together with QakBot and other malware. As such, they believe that “multiple threat actors have access to it.” Kaspersky also said it will publish further details related to how this zero-day has been leveraged in malware campaigns once enough Windows users have had time to update their PCs.

How to keep your Windows PC safe from hackers


Just like with the best phones, the easiest way to keep your PC safe from cyberattacks, malware and other threats is to make sure you’re running the latest software.

To do so, click on the Start menu, select Settings and then head to Update & Security. From here, select Windows Update and then click on the Check for updates option. If any updates are available, you should download and install them as soon as possible, especially following the release of Microsoft’s Patch Tuesday updates.

If you’re having trouble keeping your Windows PC updated, here’s everything you need to know about how to update Windows 11 and how to update Windows 10. Speaking of Windows 10, Microsoft’s previous operating system will reach end of support on October 14 next year, so now is a great time to upgrade to Windows 11 if you haven’t already. However, if your PC doesn’t meet the requirements, it might be worth checking out our lists of the best computers and the best laptops to replace your current machine.

Besides installing the latest Windows updates, you should also consider investing in the best antivirus software. While Microsoft Defender is a built-in antivirus that comes pre-installed on all Windows PCs, it just can’t match the features and regular updates that you get with paid antivirus software. It should be enough to protect most people but if you want that added peace of mind, a paid antivirus is the way to go.

As Patch Tuesday happens on the second Tuesday of every month, we’ll likely hear about even more security flaws that have been discovered and patched in Windows soon.
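To confirm from PowerShell that a PC has picked up an update since the most recent Patch Tuesday, the check below can be used. It is an added example, not part of the original article or Microsoft's tooling: the function names are hypothetical, and it assumes that `Get-HotFix` records an `InstalledOn` date for the most recent cumulative update, which is the usual case but is not guaranteed for every update type.

```powershell
# Added example: work out the most recent Patch Tuesday (second Tuesday of
# the month) and compare it with the newest update recorded on this PC.

function Get-PatchTuesday {
    param([int]$Year, [int]$Month)
    # Walk forward from the 1st to the first Tuesday, then add one week.
    $day = [datetime]::new($Year, $Month, 1)
    while ($day.DayOfWeek -ne [DayOfWeek]::Tuesday) {
        $day = $day.AddDays(1)
    }
    return $day.AddDays(7)
}

function Get-LatestPatchTuesday {
    param([datetime]$Today = (Get-Date).Date)
    $candidate = Get-PatchTuesday -Year $Today.Year -Month $Today.Month
    if ($candidate -gt $Today) {
        # This month's release has not happened yet; use last month's.
        $prev = $Today.AddMonths(-1)
        $candidate = Get-PatchTuesday -Year $prev.Year -Month $prev.Month
    }
    return $candidate
}

function Test-PatchTuesdayInstalled {
    param([datetime]$PatchTuesday = (Get-LatestPatchTuesday))

    # Some entries have no InstalledOn value, so drop those before sorting.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    [pscustomobject]@{
        PatchTuesday = $PatchTuesday.ToString('yyyy-MM-dd')
        LatestHotFix = $latest.HotFixID
        InstalledOn  = $latest.InstalledOn
        # False means nothing has been installed since that Patch Tuesday.
        UpToDate     = [bool]($latest -and $latest.InstalledOn -ge $PatchTuesday)
    }
}

# Check against the May 2024 release this article covers, then against
# the most recent Patch Tuesday relative to today.
Test-PatchTuesdayInstalled -PatchTuesday (Get-PatchTuesday -Year 2024 -Month 5)
Test-PatchTuesdayInstalled
```

An `UpToDate` value of `False` means it is time to run Check for updates as described above; a value of `True` only shows that something was installed after that date, so the Windows Update page remains the authoritative view.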

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.