Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Microsoft fixes 149 security vulnerabilities on Windows, users should update immediately
Many security holes in Windows have just been patched
Of the 149 security vulnerabilities, 3 are rated severe, 142 are rated important, 3 are moderate, and 1 is rated low severity.
You can install the April security update by going to Start - Settings - Update and Security - Windows Update - Check for update. If any security updates are available, users just need to download and install them.
Two dangerous security vulnerabilities that are currently being actively exploited include:
- - CVE-2024-26234 (CVSS score: 6.7) - Proxy driver spoofing vulnerability
- - CVE-2024-29988 (CVSS score: 8.8) - Security feature bypass
Although Microsoft did not provide information about CVE-2024-26234, cybersecurity company Sophos said it discovered in December 2023 a malicious executable file ("Catalog.exe" or "Catalog Authentication Client" Service") signed with a valid publisher certificate.
Analysis of the binary's authentication code revealed the publisher to be Hainan YouHu Technology, which also developed another tool called LaiXi Android Screen Mirroring.
The second software is described as "a marketing software. that can connect hundreds of mobile phones and control them in batches, while also automating tasks such as mass following, liking and comment."
Sophos researcher Andreas Klopsch said: 'We have no evidence that LaiXi developers intentionally embedded malicious files in their products, or that a threat actor conducted a supply chain attack. response to insert it into the compilation/build process of LaiXi' application.
The cybersecurity company said the vulnerability exploitation campaign has been underway since at least January 5, 2023.
Another security vulnerability believed to be actively exploited is CVE-2024-29988, which like CVE-2024-21412 and CVE-2023-36025, allows attackers to bypass SmartScreen protections. Microsoft Defender when opening a specially created file.
'To exploit this security feature bypass vulnerability, an attacker would need to persuade a user to launch malicious files using a launcher application that requires no user interface to be displayed,' Microsoft said.
Another important vulnerability is CVE-2024-29990 (CVSS score: 9.0), an elevation of privilege vulnerability affecting Microsoft Azure Kubernetes Service Confidential Containers. This vulnerability can be exploited by an unauthenticated attacker to steal authentication information.
Overall, Windows users should install the April security update as soon as possible as it addresses 68 remote code execution errors, 31 privilege escalation errors, 26 security feature bypass errors, and 6 denial of service (DoS) errors. Interestingly, 24 out of 26 security vulnerabilities are related to Secure Boot.
Satnam Narang, an engineer at Tenable said: 'While none of the Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that vulnerabilities in Secure Boot still exists and we may see more malicious activities related to Secure Boot in the future'.
The revelation comes as Microsoft is facing criticism over its security practices, with a recent report from the US Cyber Security Review Board (CSRB) criticizing the company for did not do enough to stop a cyber espionage campaign by a Chinese threat actor tracked as Storm-0558.
In addition to Microsoft, security updates have also been released by other vendors in the past few weeks to fix a number of vulnerabilities, including:
- - Adobe
- - AMD
- - Android
- - Apache XML Security for C++
- - Aruba Networks
- - Atos
- - Bosch
- - Cisco
- - D-Link
- - Dell
- - Drupal
- - F5
- - Fortinet
- - Fortra
- - GitLab
- - Google Chrome
- - Google Cloud
- - Google Pixel
- - Hikvision
- - Hitachi Energy
- - HP
- - HP Enterprise
- - HTTP/2
- - IBM
- - Ivanti
- - Jenkins
- - Lenovo
- - LG webOS
- - Linux distributions Debian, Oracle Linux, Red Hat, SUSE and Ubuntu
- - MediaTek
- - Mozilla Firefox, Firefox ESR and Thunderbird
- - NETGEAR
- - NVIDIA
- - Qualcomm
- - Rockwell Automation
- - Rust
- - Samsung
- - SAP
- - Schneider Electric
- - Siemens
- - Splunk
- - Synology
- - VMware
- - WordPress
- - Zoom
Micah SotoYou should read it
- Instructions for creating the fastest Microsoft account
- Microsoft Office is now Microsoft 365. Here's how you could get it for free
- Microsoft will also have smart watches
- How to Become a Microsoft MVP
- 11 best tips to get started with Microsoft Loop
- Link Download Microsoft Word 2019
- Link download Microsoft Teams 1.3.00.3564
- 15 interesting features to use in Microsoft 365
May be interested
- Microsoft fixes 8 critical vulnerabilities
on june 13, microsoft issued eight security patches for vulnerabilities in windows operating systems, internet explorer, windows media player and office software. - Windows Update crashes, this is what you need to doin some cases windows update may refuse if it cannot install individual updates. this can happen on windows 7, 8 and 10, but especially happens on windows 7.
- Windows 10 KB4056892 emergency update (build 16299.192)microsoft released a security update to minimize security vulnerabilities for intel, amd and arm processors, which could put millions of computers at risk. below is an emergency update of windows 10 kb4056892 (build 16299.192).
- iOS 14.4 patch 3 dangerous security bugs, Apple recommends iPhone users should update immediatelyat dawn today (january 27), apple officially released the ios 14.4 update after a long testing period. this update brings changes to the camera app, fixes keyboard stutter, lag, and dangerous security patches.
- Chrome, Edge and Firefox cannot be opened after updating Windows 10, 11recently, microsoft has released the patch tuesday april 2022 update to patch a series of serious vulnerabilities on both windows 11, windows 10 and older versions of windows. to ensure safety, microsoft recommends that users update windows immediately.
- How to fix BlueKeep security error for Windows 2003, Windows XP, Windows 7, Windows Server 2008to fix the bluekeep security vulnerability, users need to disable rdp and block port 3389
- Microsoft rolls out update KB5007253 that fixes network printing errors 0x000006e4, 0x0000007c, or 0x00000709microsoft has just rolled out optional cumulative update kb5007253 preview for windows 10 2004, windows 10 20h2, windows 10 21h1, and windows 10 21h2.
- The Windows 10 KB4532693 update fails, causing a user's file to be deletedthe windows 10 kb4532693 update, released on february 11 by microsoft, includes security fixes and bug fixes. however, this patch brings users even worse problems.
- Update KB5013943 fixes screen flickering and problems with .NET apps on Windows 11a series of issues have been fixed and a series of vulnerabilities have been patched in microsoft's windows 11 update kb5013493 and patch tuesday may 2022.
- Microsoft rewards $ 250,000 for any talent that discovers the new Meltdown and Specter vulnerabilitiesin the effort to protect users from meltdown and specter vulnerabilities, microsoft has decided to launch a 'bounty hunt' program with extremely lucrative expenses for anyone who finds new security flaws. and reveal them to microsoft.
System
- How to transfer data between computers
- 4 easy ways to create ZIP files on Windows
- How to completely delete data on your computer
- How to open the virtual keyboard on Laptop simply and quickly
- How to change DNS on Windows 11 to increase Internet speed
- What is Copilot? How to install and use Copilot AI on Windows 11
How to transfer data between computers
4 easy ways to create ZIP files on Windows
How to completely delete data on your computer
How to open the virtual keyboard on Laptop simply and quickly
How to change DNS on Windows 11 to increase Internet speed
What is Copilot? How to install and use Copilot AI on Windows 11