Tom’s Guide
Anthony Spadafora

Microsoft just patched a ton of Windows security flaws including two dangerous zero-days — update your PC right now


Microsoft has released its latest Patch Tuesday updates and you’re going to want to install them ASAP as they contain fixes for 61 security flaws including two zero-days hackers are exploiting in the wild.

As The Hacker News reports, of these 61 security flaws, one has been given a critical severity rating, 59 are rated as important and one has a moderate rating. If you want to take a closer look at each of these flaws, Microsoft's May 2024 Security Updates guide has more details, including their Common Vulnerabilities and Exposures (CVE) numbers, their severity ratings and whether they are currently being exploited or could be in the future.

If you’re using one of the best Windows laptops or a desktop computer running Windows, it’s highly recommended that you install these new security updates now to avoid falling victim to any attacks leveraging them in the wild. 

Here’s what you need to know about the two zero-days that were fixed with this round of Patch Tuesday updates along with tips on how to keep your Windows PC safe from hackers.

Weaponized zero-days


While most of these flaws are less likely to be exploited by hackers in their attacks, Microsoft, along with several cybersecurity firms, has observed that two of them have already been weaponized.

The first is a Windows MSHTML platform security feature bypass vulnerability (tracked as CVE-2024-30040) with a CVSS score of 8.8 (out of 10) while the other is a Windows Desktop Window Manager Core Library elevation of privilege vulnerability (tracked as CVE-2024-30051) with a CVSS score of 7.8.

In an advisory, Microsoft explained that the first zero-day could be used by hackers to execute code on a vulnerable Windows PC by convincing a victim to open a malicious document. This malicious document would likely be included in a phishing email or sent as a message. Surprisingly, a victim wouldn’t even need to click on or open it for the malware to activate and infect their system.

The second zero-day Microsoft fixed in this round of Patch Tuesday Updates could allow an attacker to gain system privileges. There’s a high chance that this flaw is being widely used by hackers in their attacks as it was discovered by researchers from Kaspersky, DBAPPSecurity WeBIN Lab and Google’s Threat Analysis Group at the same time.

Kaspersky’s security researchers explained in a blog post that they’ve seen this zero-day used together with QakBot and other malware. As such, they believe that “multiple threat actors have access to it.” Kaspersky also said it will publish further details related to how this zero-day has been leveraged in malware campaigns once enough Windows users have time to update their PCs.

How to keep your Windows PC safe from hackers


Just like with the best phones, the easiest way to keep your PC safe from cyberattacks, malware and other threats is to make sure you’re running the latest software.

To do so, click on the Start menu, select Settings and then head to Update & Security. From here, select Windows Update and then click on the Check for updates option. If any updates are available, you should download and install them as soon as possible and this is especially true following the release of Microsoft’s Patch Tuesday updates.

If you’re having trouble keeping your Windows PC updated, here’s everything you need to know about how to update Windows 11 and how to update Windows 10. Speaking of Windows 10, Microsoft’s previous operating system will reach end of support on October 14 next year, so now is a great time to upgrade to Windows 11 if you haven’t already. However, if your PC doesn’t meet the requirements, it might be worth checking out our lists of the best computers and the best laptops to replace your current machine.

Besides installing the latest Windows updates, you should also consider investing in the best antivirus software. While Microsoft Defender is a built-in antivirus that comes pre-installed on all Windows PCs, it just can’t match the features and regular updates that you get with paid antivirus software. It should be enough to protect most people but if you want that added peace of mind, a paid antivirus is the way to go.

As Patch Tuesday happens on the second Tuesday of every month, we’ll likely hear about even more security flaws that have been discovered and patched in Windows soon.
