Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Laptop
Laptop
Technology
Mark Anthony Ramirez

Update Windows 11 now! March update fixes 61 vulnerabilities including 2 critical flaws

Update Windows 11 now! March update fixes 61 vulnerabilities including 2 critical flaws.

Microsoft released a monthly security update that fixes 61 security flaws covering multiple Microsoft software suites within Windows. Two of the critical fixes are for issues facing Windows Hyper-V threading that could lead to DoS (denial of service) issues or remote code being executed on a user's system.  

Thanks to a report at The Hacker News, we know of 58 important issues that are repaired, while two are rated as critical, with one being rated of low-level importance. However, six were tagged as "Exploitation More Likely."

There are an additional 17 fixed security flaws for the Microsoft Chromium-based Edge browser, these fixes are for vulnerabilities detected since the most recent February update.

The two most critical issues are CVE-2024-21407 and CVE-2024-21408, that affect Hyper-V and could result in threat actors gaining remote code execution and DoS access to your machine.

The latest Microsoft update will also address escalation flaws in the Azure Kubernetes Service Confidential Container (CVE-2024-21400, CVSS score: 9.0). The update also fixes issues within Windows Composite Image File System (CVE-2024-26170, CVSS score: 7.8), and Authenticator (CVE-2024-21390, CVSS score: 7.1). 

This update will prevent threat actor access

Although threat actors would need a local presence on your network, that could easily happen via malware or some other malicious application one might have accidentally installed. It will need to close and re-open the Authenticator app.

Microsoft states "Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running,"

According to Satnam Narang, senior staff research engineer at Tenable, "Having access to a target device is bad enough as they can monitor keystrokes, steal data and redirect users to phishing websites, but if the goal is to remain stealth, they could maintain this access and steal multi-factor authentication codes to login to sensitive accounts, steal data or hijack the accounts altogether by changing passwords and replacing the multi-factor authentication device, effectively locking the user out of their accounts."

Another vulnerability of note is a privilege escalation bug in the Print Spooler (CVE-2024-21433, CVSS score: 7.0) which would grant a threat actor access and system privileges. 

So many issues are addressed thanks to this update. You should update immediately to ensure your system and network is protected. 

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.