Update Windows 11 now! March update fixes 61 vulnerabilities including 2 critical flaws
Major vulnerabilities addressed in the latest Windows update
Microsoft released a monthly security update that fixes 61 security flaws covering multiple Microsoft software suites within Windows. Two of the critical fixes are for issues facing Windows Hyper-V threading that could lead to DoS (denial of service) issues or remote code being executed on a user's system.
According to a report at The Hacker News, 58 of the fixed issues are rated Important, two are rated Critical, and one is rated Low in severity. Six of them were tagged as "Exploitation More Likely."
An additional 17 security flaws were fixed in the Microsoft Chromium-based Edge browser; these fixes cover vulnerabilities detected since the most recent February update.
The two most critical issues are CVE-2024-21407 and CVE-2024-21408, which affect Hyper-V and could allow threat actors to achieve remote code execution and cause a DoS condition on your machine.
The latest Microsoft update will also address escalation flaws in the Azure Kubernetes Service Confidential Container (CVE-2024-21400, CVSS score: 9.0). The update also fixes issues within Windows Composite Image File System (CVE-2024-26170, CVSS score: 7.8), and Authenticator (CVE-2024-21390, CVSS score: 7.1).
This update will prevent threat actor access
Threat actors would need a local presence on your network, but that could easily happen via malware or some other malicious application one might have accidentally installed. Exploitation also requires the victim to close and re-open the Authenticator app.
Microsoft states, "Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running."
According to Satnam Narang, senior staff research engineer at Tenable, "Having access to a target device is bad enough as they can monitor keystrokes, steal data and redirect users to phishing websites, but if the goal is to remain stealth, they could maintain this access and steal multi-factor authentication codes to login to sensitive accounts, steal data or hijack the accounts altogether by changing passwords and replacing the multi-factor authentication device, effectively locking the user out of their accounts."
Another vulnerability of note is a privilege escalation bug in the Print Spooler (CVE-2024-21433, CVSS score: 7.0) which would grant a threat actor access and system privileges.
So many issues are addressed thanks to this update. You should update immediately to ensure your system and network are protected.
Mark has spent 20 years headlining comedy shows around the country and made appearances on ABC, MTV, Comedy Central, Howard Stern, Food Network, and Sirius XM Radio. He has written about every topic imaginable, from dating, family, politics, and social issues to tech. He wrote his first tech articles for the now-defunct Dads On Tech 10 years ago, and his passion for combining humor and tech has grown under the tutelage of the Laptop Mag team. His penchant for tearing things down and rebuilding them did not make Mark popular at home; however, when he got his hands on the legendary Commodore 64, his passion for all things tech deepened. These days, when he is not filming, editing footage, tinkering with cameras and laptops, or on stage, he can be found at his desk snacking, writing about everything tech, new jokes, or scripts he dreams of filming.