One of Microsoft’s biggest Windows 11 updates yet brought a massive number of security flaw fixes

Microsoft’s April 2024 Patch Tuesday update delivers major security boost

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas issued a mammothWindows 11update that brings fixes for around 150 security flaws in theoperating system, as well as fixes for 67 Remote Code Execution (RCE) vulnerabilities. RCEs enable malicious actors to deploy their code to a target device remotely, often being able to do so without a person’s consent or knowledge - so this is aWindows 11update you definitely want to install ASAP.

This update was rolled out onMicrosoft’s Patch Tuesday (the second Tuesday of every month), a monthly update when Microsoft releases security updates.

Three of these were classed as ‘critical’ vulnerabilities, meaning that Microsoft saw them as posing a particularly hefty risk to users.According to Bleeping Computer, more than half of the RCE vulnerabilities were found in Microsoft SQL drivers; essential software components that facilitate communication between Microsoft apps and its servers, leading to speculation that the SQL drivers share a common flaw that is being exploited by malicious users.

The three vulnerabilities classed as ‘critical’ had to do withWindows Defender, ironically an app designed by Microsoft to protect users from online threats.

A possibly record-setting update

KrebsonSecurity, a security news site, claimsthat this security update sets a record for the number of Windows 11 issues addressed, making it the largest update Microsoft has released this year (so far) and the largest released since 2017.

The number of bugs is broken down as follows:

These spanned across several apps and functionalities, includingMicrosoft Officeapps,Bitlocker,Windows Defender,Azure, and more.

Get the best Black Friday deals direct to your inbox, plus news, reviews, and more.

Sign up to be the first to know about unmissable Black Friday deals on top tech, plus get all your favorite TechRadar content.

Two zero-day loopholes that were cause for concern

Two zero-day vulnerabilities were also addressed by Microsoft in April’s Patch Tuesday update, and apparently, they have been exploited in malware attacks. Zero-day vulnerabilities are flaws in software that potentially harmful actors find and possibly exploit before the software’s developers discover it. The zero refers to the proverbial buffer of time that developers have in terms of urgency to develop a patch to address the issue.

Microsoft hasn’t said whether the zero-day flaws were being actively exploited, but this information was shared by Sophos (a software and hardware company) and Trend Micro (a cybersecurity platform).

One of these has been labeledCVE-2024-26234by Microsoft, and it’s been classed as a Proxy Drive Spoofing Vulnerability. The other,CVE-2024-29988, was classed as a SmartScreen Prompt Security Feature Bypass Vulnerability.

You can see the full list of vulnerabilities ina report by Bleeping Computer. Mashable points to the fact thatWindowsnecessitates such a vast number of patches and changes because Windows is used as the operating system on different manufacturers’ machines and has to constantly keep up with accommodating a variety of hardware configurations.

Some users might find Windows 11’s need for frequent updates annoying, which could lead them to consider alternative operating systems likemacOS. If you’re sticking with Windows 11, KrebsonSecurity recommends that you back up your computer’s data before installing the update. I’m glad Microsoft continues to address bugs and security risks in Windows 11, even if that does mean we’re nagged to update the OS more than some of its competitors, and I would urge users to make sure that they install this update, which you can do through Windows Update if your PC hasn’t started this process already.

YOU MIGHT ALSO LIKE…

Kristina is a UK-based Computing Writer, and is interested in all things computing, software, tech, mathematics and science. Previously, she has written articles about popular culture, economics, and miscellaneous other topics.

She has a personal interest in the history of mathematics, science, and technology; in particular, she closely follows AI and philosophically-motivated discussions.

How to delete a character from Character AI

How to turn off Meta AI

Belkin’s Travel Bag for Vision Pro has pockets and is way cheaper than Apple’s own case