Urgent Windows update fixes loads of security flaws including two zero-days — install this patch right now


As part of its Patch Tuesday updates for February 2024, Microsoft has released fixes to address 73 security flaws across its entire product lineup, from Windows to Office.

Of these 73 vulnerabilities, five are rated as Critical, though the rest all have a CVSS (Common Vulnerability Scoring System) score of 5 or higher, according to a support document from Microsoft. While most of these security flaws have yet to be used in cyberattacks, the two zero-day vulnerabilities that the software giant has patched are actively being exploited by hackers.

Besides updating Windows though, you’re also going to want to install the latest version of Microsoft Edge as 24 flaws have been patched since the release of last month’s Patch Tuesday updates, according to The Hacker News.

Here’s everything you need to know about this latest round of Patch Tuesday updates and why you should install them right now, along with some tips to help keep your PC safe from hackers.

Actively exploited zero-day flaws


For the most part, it’s not that likely that many of these flaws can be exploited by hackers, but there are four of them that Microsoft believes could be used in potential attacks. They include a flaw in Microsoft Office, one in Outlook, one related to a Windows kernel driver and one in the Windows kernel itself. However, it’s the two now patched zero-days that are actually worth worrying about.

The first zero-day (tracked as CVE-2024-21351) is a Windows SmartScreen security feature bypass with a CVSS score of 7.6 out of 10. This vulnerability is being exploited by hackers to inject code into SmartScreen which could lead to your data being exposed. However, an attacker would first need to send potential victims a malicious file and convince them to open it in order to leverage this flaw in their attacks.

The second zero-day (tracked as CVE-2024-21412) is an Internet Shortcut Files security feature bypass with a CVSS score of 8.1 out of 10. This one is more dangerous, as it can be used by an unauthenticated attacker to send potential victims a specially crafted file which can bypass displayed security checks. Like the other zero-day in this series of Patch Tuesday updates though, the hacker exploiting it would have to convince their victim to click on the file link for their attack to work.

According to a blog post from Malwarebytes, both of these zero-days affect Microsoft’s Mark of the Web (MOTW) technology which is used to ensure that Windows displays a pop-up warning message when users try to open a file that was downloaded from the internet. Without these pop-ups appearing, Windows users could end up installing dangerous software that they might have otherwise not allowed on their PCs.
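To see where that mark lives, here is an added PowerShell example (not from the article, Malwarebytes or Microsoft) that reports the Mark of the Web for every file in a folder. Windows stores the mark in an NTFS alternate data stream named Zone.Identifier; the function name `Get-MotwStatus` and the `motw-demo` folder with its two files are hypothetical, constructed for this illustration, and the script assumes an NTFS volume.

```powershell
# Added example: report Mark of the Web (MOTW) for files in a folder.
# MOTW is stored in an NTFS alternate data stream named Zone.Identifier.
$ZoneNames = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }

function Get-MotwStatus {
    param([Parameter(Mandatory)][string]$Folder)

    Get-ChildItem -LiteralPath $Folder -File | ForEach-Object {
        # Yields nothing when the file has no Zone.Identifier stream.
        $lines = Get-Content -LiteralPath $_.FullName -Stream Zone.Identifier `
                             -ErrorAction SilentlyContinue
        $zoneId = $null
        foreach ($line in $lines) {
            if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { $zoneId = [int]$Matches[1] }
        }
        [pscustomobject]@{
            Name   = $_.Name
            Marked = $null -ne $zoneId
            ZoneId = $zoneId
            Zone   = if ($null -ne $zoneId) { $ZoneNames[$zoneId] } else { 'no mark' }
        }
    }
}

# Constructed sample: a temp folder with one locally created file and one
# file tagged the way a browser tags an Internet download (ZoneId=3).
$demo = Join-Path $env:TEMP 'motw-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Set-Content -LiteralPath (Join-Path $demo 'local-notes.txt') -Value 'created locally'
$shortcut = Join-Path $demo 'downloaded.url'
Set-Content -LiteralPath $shortcut -Value "[InternetShortcut]`r`nURL=https://example.com/"
Set-Content -LiteralPath $shortcut -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"

# The marked file is the one Windows would warn about before opening.
Get-MotwStatus -Folder $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

Pointing `Get-MotwStatus` at a real Downloads folder shows which files carry the Internet zone mark and which have lost it, for example after being extracted by a tool that does not propagate the stream.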
 

How to keep your PC safe from hackers


Just like with one of the best MacBooks, the easiest way to protect your Windows laptop from hackers is to install updates as soon as they become available. Although this may be slightly inconvenient, hackers love going after devices that haven’t been updated even though a fix is available.

Here’s how to update Windows 11 or how to update Windows 10 in case you need some extra help, and if you run into any problems, this is how to fix a stuck Windows update. However, when a big update is available, Windows will often download it in the background and apply it the next time you restart your PC.

While Microsoft Defender may be good enough for your new laptop, if you’re looking for extra protection, you might also want to use one of the best antivirus software solutions alongside it. Likewise, using one of the best password managers can help protect your online accounts while also discouraging password reuse.

If you use one of the best Windows laptops, it’s worth noting that Microsoft’s Patch Tuesday updates are released on the second Tuesday of every month. This way, you can plan your workday around them so that they don’t come as an interruption when you’re in the middle of something important.

Anthony Spadafora
Managing Editor Security and Home Office
