I’m of the position that security updates are important to install as soon as possible. When you see one hit your update pane on your smartphone or computer, it’s important to install and patch whatever security issues developers recently discovered. If you have a PC, however, it’s particularly important to install this security update, which contains nearly 100 patches, including one for an actively exploited vulnerability.
Microsoft’s latest update contains patches for a whopping 97 security flaws, as reported by The Hacker News. Not all security vulnerabilities are the same, with some being more severe than others: There are seven flaws in this update rated as “Critical,” while the rest are “Important.” You can’t pick and choose which patches to install, of course, but it’s good to know which of the flaws are most serious.
This includes patches for 45 remote code execution flaws, vulnerabilities that allow bad actors to run whatever code they want on your machine, and 20 elevation of privilege flaws, which allow bad actors to gain access to system controls only offered to administrators. You can find the full count of vulnerability types below:
45 remote code execution vulnerabilities
20 elevation of privilege vulnerabilities
10 information disclosure vulnerabilities
Nine denial of service vulnerabilities
Eight security feature bypass vulnerabilities
Six spoofing vulnerabilities

However, one of these flaws is the most severe of all: CVE-2023-28252. Microsoft confirmed this flaw is a zero-day under active exploitation, which means bad actors have already taken advantage of it to target and attack Windows users. Microsoft says, “an attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” which would essentially allow them to take control of your PC.
While we often don’t know who is actively exploiting particular security flaws, we do in this case. Cybersecurity firm Kaspersky identified a cybercrime group that uses this exploit to launch ransomware attacks on businesses throughout Asia, the Middle East, and North America. Even CISA (Cybersecurity and Infrastructure Security Agency) has ordered its agencies to patch this vulnerability by May 2.
How to install the latest security patch on Windows
To install this latest security update and patch these 97 vulnerabilities, go to Start > Settings > Windows Update (Windows 11) or Start > Settings > Update & Security > Windows Update (Windows 10).