Microsoft has issued an urgent update for millions of Windows devices ― and this is a one software patch that you cannot afford to miss. That’s because two of the flaws are being actively exploited by hackers to bypass built-in security protocols and steal personal data.
These glitches, known as zero-day flaws, are the most dangerous since scammers are already aware of how to leverage them. It’s now a race against time for Windows users to update to the latest patch ― stopping the hackers in their tracks.
It comes as Microsoft warned of a rise in the number of threats aimed at Windows users.
In a statement, the Redmond-based company said: “In recent months, Microsoft Threat Intelligence has seen an increase in activity from threat actors leveraging social engineering and phishing techniques to target Windows OS users.”
The latest security update started to roll-out to PCs late on February 13, 2024. Microsoft typically releases fixes for flaws in its products on the second Tuesday of every month, dubbed Patch Tuesday.
In total, the latest update contains fixes for 73 separate flaws across Windows, Microsoft Office, and Outlook. Of those, Microsoft has rated five as “critical”, including the two zero-day bugs.
The first zero-day, which has been assigned the name CVE-2024-21351 by Microsoft, allows hackers to inject code into Windows SmartScreen ― an anti-phishing and anti-malware shield built into all Microsoft operating systems from Windows 8 onwards ―that can expose your personal data.
Hackers would need to send victims a dodgy file laced with malicious code and convince them to open it to take advantage of this particular zero-day. That’s why it’s so important to only open email attachments from people you really trust, or download files from trusted websites.
The second flaw that hackers are actively using to attacks PC owners worldwide is known as CVE-2024-21412. Microsoft has given this the highest rating using the CVSS (Common Vulnerability Scoring System) suggesting that it’s easily the most dangerous of the lot.
Anything over a 5 out of 10 is automatically rated “critical”, but this second zero-day scores an almighty 8.1 out of 10. Like before, hackers still need to convince victims to open a dodgy file to take advantage of this one. Once they do, the flaw allows them to bypass displayed security checks.
Microsoft is tight-lipped on the exact details of how these flaws work since giving too much away could possibly lead to a spate of copycat attacks from other scam artists.
The remaining 70 or so flaws addressed in the patch can be found across Microsoft’s entire product lineup, including Outlook and Microsoft Office. Microsoft has also issued a new version of its Edge web browser, which fixes 24 flaws in the software.
LATEST DEVELOPMENTS
- Change your password! 26 billion accounts leaked in ‘mother of all breaches’
- This website wipes all trace of your personal data from the internet
- Google issues new warning for Chrome users about tracking in Incognito Mode
- If you've downloaded one of these 25 Android apps, delete it NOW
- End of the satellite dish? Sky Q slowly phased out as Sky prioritises streaming
If you’re unsure whether you’re already running the latest version of the Windows, click on the Start menu and then head to Settings > Windows Update, then press Check For Updates.
If you’re running an older version of Windows ― one still suffering from the two zero-day flaws —you’ll be shown the latest update, with the option to install it.
