Microsoft fixed 97 security vulnerabilities at once. An update that needs to be installed immediately!
Security updates should always be installed as soon as possible. When you see it arriving on your smartphone or computer, it’s important to install it in order to fix a particular flaw or bug in your device’s security. However, if you have a PC, the operation is especially important now, since the latest update contains about 100 fixes, including one for a actively exploited vulnerability.
Microsoft fixed 97 security vulnerabilities in one fell swoop
The update deployed by Microsoft fixes at least 97 security vulnerabilities. They are not all of the same severity: seven of them, however, are marked as “Critical”, and the rest – as “Important”. Also note that it’s not possible to choose which ones you install, but it’s good to know the most serious ones.
In summary, this patch fixes at least 45 remote code execution flaws that allow attackers to execute code on your computer, and 20 privilege escalation flaws that allow attackers to gain access to system functions normally reserved for administrators.
Here is the complete list:
- 45 disadvantages of remote code execution
- 20 privilege escalation vulnerabilities
- 10 loopholes for information disclosure
- 9 Denial of Service Defects
- 8 disadvantages of security bypass
- 6 disadvantages of spoofing
However, one of them is especially serious: CVE-2023-28252. Microsoft has confirmed that this vulnerability is day zero and actively exploited, which means that attackers are already using it to attack users. The Redmond-based firm explains that “an attacker who successfully exploited this vulnerability could gain system privileges,”in other words, gain control of your PC.
While we rarely know who is exploiting these vulnerabilities, in this particular case the information is known. Cybersecurity firm Kaspersky Lab has identified a group exploiting the vulnerability to launch ransomware attacks against businesses in Asia, the Middle East and North America. Even the CISA (Cybersecurity and Infrastructure Security Agency) has asked their agencies to install this update by May 2nd.
How to install the latest update in Windows
To install the latest security update that addresses these 97 vulnerabilities, select Start > Settings > Windows Update (Windows 11) or Start > Settings > Update & Security > Windows Update (Windows 10).