We are already on the second Tuesday of the year. And as usual, Microsoft has already released its first security patches of 2024. With them, the company seeks to correct all the security flaws that have appeared in recent weeks and that endanger users, while guaranteeing the best possible quality and experience when using your operating system.
The last few months have not been especially good for Microsoft users, at least when it comes to security. And 2024 begins in a similar way. On this occasion, Microsoft has fixed a total of 49 unique vulnerabilities in its products, in addition to fixing another 5 vulnerabilities in third-party products. All supported versions of Windows are affected by at least one vulnerability, although more commonly they are affected by two.
The versions of Windows that have received updates on this occasion have been:
- Windows 10 1809 / 21H2 and 22H.
- Windows 11 21H2, 22H2, 23H2.
This month’s failures are divided as follows:
- 10 privilege elevation failures in the system.
- 7 vulnerabilities that allow Windows security measures to be bypassed.
- 12 remote code execution type failures.
- 11 security bugs that can be used to reveal private system information.
- 6 bugs used to cause denial of service.
- 3 “spoofing” type vulnerabilities.
If we look at the most recent versions of both operating systems, that is, Windows 10 22H2 and Windows 11 22H2 and 23H2, the vulnerabilities that have been fixed in all of them are the same. In total, these operating systems solve 34 security flaws, of which 2 have been critical and 32 have been classified as important. Specifically, there are two bugs that Microsoft highlights as being especially dangerous:
- Kerberos security flaw that allows operating system security measures to be bypassed (CVE-2024-20674)
- Vulnerability in Hyper-V that allows remote code to be executed on the system (CVE-2024-20700).
In addition to Microsoft, there are many other companies that use the second Tuesday of the month to update their products and correct all security flaws that have been detected in the last period of time. For example, Google has just released its new security patches for Android, as well as Cisco and SAP for enterprise environments.
How to update Windows
If we want to be safe and protect ourselves from hackers, what we must do is update Windows to install these security patches. Most likely, new Windows updates will be downloaded and installed automatically while we use the PC, so we should not have problems. But, if we want to make sure, we simply have to enter the Settings menu, and go to the Windows Update section. Here we will have to search for the updates manually and the program itself will be in charge of downloading and installing them on its own.
On the contrary, if we prefer to install them by hand, we can do that too. From the Microsoft Update catalog we can search and install the following updates to install them on the computer even if we do not have an Internet connection:
In addition to these updates, Microsoft has also released an emergency patch, KB5034441, to fix several BitLocker-related vulnerabilities in Windows 10. This patch also arrives through Windows Update, but it is reaching users with problems. If you have error 0x80070643 when trying to install this update, it is better to wait (a long time) for Microsoft to correct this problem.
The rest of this month’s Windows updates are not causing problems. At least, for now.