Windows 11 just got some vital security updates, so don’t hang around, patch now

/in


Windows 11 just got a raft of security fixes in the latest round of monthly patching from Microsoft, including some crucial ones.

Security should always be a high priority when it comes to your PC (Image Credit: Pexels)

Open Gallery 2

Security should always be a high priority when it comes to your PC (Image Credit: Pexels)

VIEW GALLERY – 2 IMAGES

In fact, there are three fixes for zero-day vulnerabilities provided, meaning bugs in Windows 11 which are public knowledge. And in this case, these security flaws are being actively exploited by nefarious types – so they represent a clear potential danger to Windows 11 users.

In total, there are 77 vulnerabilities fixed by Microsoft’s February patch for Windows 11 PCs, and nine are labeled as ‘critical.’

Let’s take a closer look at those worrying zero-day flaws, the first of which is CVE-2023-21823, which affects not just Windows 11 but also Windows 10 systems. This is a remote code execution vulnerability an attacker can use to leverage system privileges, and what’s particularly concerning is that according to a recent report, it’s not hard to exploit.

A security expert, Mike Walters (VP of vulnerability and threat research at Action1), told Forbes: “This vulnerability is relatively simple to exploit, utilizes local vectors, and requires low levels of access.”

It also doesn’t need the user to do anything (like click on something and fall for a pop-up prompt, for example) in order to work.

There’s a really important thing to note on this one, and that’s rather than being deployed by Windows Update, the fix for this vulnerability is being piped to Windows PCs via an update from the Microsoft Store. In other words, if you’ve disabled automatic updates from the store, that’s something you need to be aware of.

The other zero-days are CVE-2023-23376, an elevation of privilege vulnerability (local, as opposed to a glitch that can be remotely exploited), and CVE-2023-21715 which affects Microsoft Publisher. The latter allows an attacker to evade security countermeasures that block Office macros which could be malicious, but unless you run Publisher, this isn’t one to fret over.

With a total of 77 security fixes here, it’s pretty obvious that this is an update you should grab – although that’s fewer vulnerabilities than the previous January cumulative…

Source…