Microsoft just fixed 72 Windows security flaws — update your PC right now

Microsoft just closed out its Patch Tuesday updates for 2024 by releasing fixes for 72 security flaws across its software portfolio: 17 rated Critical, 52 rated Important and one rated Moderate. One of the flaws has been actively exploited in the wild. According to the cybersecurity firm Fortra, Microsoft has resolved up to 1,088 vulnerabilities in 2024.

The vulnerability that Microsoft found to be under active exploitation by hackers (tracked as CVE-2024-49138) is a privilege escalation flaw in the Windows Common Log File System (CLFS) driver, which an attacker could leverage to gain SYSTEM privileges. Microsoft credits CrowdStrike for discovering and reporting the flaw, which is the fifth actively exploited CLFS privilege escalation flaw since 2022 and the ninth vulnerability in the same component to receive a patch this year.

Ransomware attackers are focused on exploiting CLFS privilege escalation flaws in particular, according to one senior staff research engineer quoted by The Hacker News, as this enables them to move through a network to steal and encrypt data before extorting their victims. Microsoft has said, though, that it is working to add a new verification step when parsing log files to detect malicious actors.

In August 2024, the company stated that the new security mitigation “provides CLFS the ability to detect when log files have been modified by anything other than the CLFS driver itself. This is accomplished by adding Hash-based Message Authentication Codes (HMAC) to the end of the log file.”
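
As an added illustration of the mechanism in that statement (not Microsoft's code and not the real CLFS file format), the following Python example appends an HMAC-SHA256 tag to a constructed log blob and verifies it before anything parses the contents. The key handling, the byte layout and the names `seal` and `open_sealed` are assumptions made for this example.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag stored at the end of the file

def seal(body, key):
    """Trusted writer: append HMAC-SHA256(key, body) to the log body."""
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_sealed(blob, key):
    """Verify the trailing tag before any parsing; return the body or raise."""
    if len(blob) < TAG_LEN:
        raise ValueError("too short to carry an authentication tag")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("modified by something other than the trusted writer")
    return body

def demo():
    key = os.urandom(32)  # assumption: the key is held only by the trusted writer
    # Constructed sample: 16-byte magic, 4-byte length field, record bytes.
    body = b"CONSTRUCTED-LOG\x00" + (1024).to_bytes(4, "little") + b"record-data"
    sealed = seal(body, key)
    edited = bytearray(body)
    edited[16] ^= 0xFF  # out-of-band change to the length field
    cases = {
        "untouched": sealed,
        "edited, old tag kept": bytes(edited) + sealed[-TAG_LEN:],
        "edited, resealed without the key": seal(bytes(edited), os.urandom(32)),
        "truncated": sealed[:10],
    }
    results = {}
    for name, blob in cases.items():
        try:
            open_sealed(blob, key)
            results[name] = "accepted"
        except ValueError as exc:
            results[name] = "rejected: " + str(exc)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Only the untouched blob is accepted. Unlike a plain checksum, the tag cannot be recomputed after an edit without the writer's key.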

The flaw has been added to the Known Exploited Vulnerabilities catalog at the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which will require Federal Civilian Executive Branch (FCEB) agencies to apply necessary remediations by December 31st.

This month’s highest-severity bug, though, is a remote code execution flaw (tracked as CVE-2024-49112) that impacts the Windows Lightweight Directory Access Protocol (LDAP). According to Microsoft, an attacker could use a specially crafted set of LDAP calls to execute arbitrary code within the context of the LDAP service.

Other bugs of note this month include three more remote code execution flaws: one impacting Windows Hyper-V (CVE-2024-49117), one impacting the Remote Desktop Client (CVE-2024-49105) and one that impacts Microsoft Muzic (CVE-2024-49063).

How to stay safe

Don't wait to update your PC. Instead, do so as soon as it's recommended by your operating system. Microsoft makes this easy to remember since your PC will give you the option to install new updates whenever you restart or shut down.

Next, make sure that Windows Defender is set up on your PC; it's a great option and it ships free with your PC. Don't think that means you can skip out on installing some of the best antivirus software as well, since many antivirus software suites come with useful extras like a password manager or a VPN.

Patch Tuesday happens every month, usually around the second week, and you should plan to update your PC immediately after. If you have one of the best Windows laptops, you may think this is unnecessary, but if you want your machine to run well and stay virus-free, ensuring that these security-focused updates are installed is the best way to do so.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
