1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • One of Microsofts biggest Windows 11 updates yet brought a massiv

    From TechnologyDaily@1337:1/100 to All on Thu Apr 11 12:15:06 2024
    One of Microsofts biggest Windows 11 updates yet brought a massive number of security flaw fixes

    Date:
    Thu, 11 Apr 2024 12:09:43 +0000

    Description:
    Microsoft's Windows 11 update tackles around 150 security flaws, along with
    67 RCE vulnerabilities. The April 2024 Patch Tuesday update addresses many potential risks, including two zero-day vulnerabilities.

    FULL STORY ======================================================================

    Microsoft has issued a mammoth Windows 11 update that brings fixes for
    around 150 security flaws in the operating system, as well as fixes for 67 Remote Code Execution (RCE) vulnerabilities. RCEs enable malicious actors to deploy their code to a target device remotely, often being able to do so without a persons consent or knowledge - so this is a Windows 11 update you definitely want to install ASAP.

    This update was rolled out on Microsofts Patch Tuesday (the second Tuesday of every month), a monthly update when Microsoft releases security updates.

    Three of these were classed as critical vulnerabilities, meaning that Microsoft saw them as posing a particularly hefty risk to users. According to Bleeping Computer , more than half of the RCE vulnerabilities were found in Microsoft SQL drivers; essential software components that facilitate communication between Microsoft apps and its servers, leading to speculation that the SQL drivers share a common flaw that is being exploited by malicious users.

    The three vulnerabilities classed as critical had to do with Windows Defender , ironically an app designed by Microsoft to protect users from online threats. (Image credit: Future) A possibly record-setting update

    KrebsonSecurity, a security news site, claims that this security update sets a record for the number of Windows 11 issues addressed, making it the largest update Microsoft has released this year (so far) and the largest released since 2017.

    The number of bugs is broken down as follows: 31 Elevation of Privilege Vulnerabilities 29 Security Feature Bypass Vulnerabilities 67 Remote Code Execution Vulnerabilities 13 Information Disclosure Vulnerabilities 7 Denial of Service Vulnerabilities 3 Spoofing Vulnerabilities

    These spanned across several apps and functionalities, including Microsoft Office apps, Bitlocker , Windows Defender , Azure , and more. Two zero-day loopholes that were cause for concern

    Two zero-day vulnerabilities were also addressed by Microsoft in Aprils Patch Tuesday update, and apparently, they have been exploited in malware attacks. Zero-day vulnerabilities are flaws in software that potentially harmful
    actors find and possibly exploit before the softwares developers discover it. The zero refers to the proverbial buffer of time that developers have in
    terms of urgency to develop a patch to address the issue.

    Microsoft hasnt said whether the zero-day flaws were being actively
    exploited, but this information was shared by Sophos (a software and hardware company) and Trend Micro (a cybersecurity platform).

    One of these has been labeled CVE-2024-26234 by Microsoft, and its been classed as a Proxy Drive Spoofing Vulnerability. The other, CVE-2024-29988 , was classed as a SmartScreen Prompt Security Feature Bypass Vulnerability.

    You can see the full list of vulnerabilities in a report by Bleeping Computer . Mashable points to the fact that Windows necessitates such a vast number of patches and changes because Windows is used as the operating system on different manufacturers machines and has to constantly keep up with accommodating a variety of hardware configurations.

    Some users might find Windows 11s need for frequent updates annoying, which could lead them to consider alternative operating systems like macOS . If youre sticking with Windows 11, KrebsonSecurity recommends that you back up your computers data before installing the update. Im glad Microsoft continues to address bugs and security risks in Windows 11, even if that does mean were nagged to update the OS more than some of its competitors, and I would urge users to make sure that they install this update, which you can do through Windows Update if your PC hasnt started this process already. YOU MIGHT ALSO LIKE... Windows 11s next big update is almost ready to roll but most people wont get it for a long time yet Windows 11s next big update is here these
    are the top 5 features introduced with Moment 5 What we want to see from Windows 11 in 2024



    ======================================================================
    Link to news story: https://www.techradar.com/computing/software/one-of-microsofts-biggest-windows -11-updates-yet-brought-a-massive-number-of-security-flaw-fixes


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)