In an ideal world, software would have no security vulnerabilities. Code would be perfectly written, omitting any bugs or glitches in the system that could be taken advantage of for hacking or other malicious purposes. As hard as developers might try to make that a reality, the truth is we will always have imperfect software, which means we will always have new security vulnerabilities to discover and patch. Microsoft has such a patch available for Windows PCs right now, and you should install it ASAP.
As reported by Bleeping Computer, Microsoft issued its Patch Tuesday update for this month yesterday, Tuesday, June 14. Microsoft’s Patch Tuesday updates might be expected, but it patches some serious bugs you shouldn’t ignore. There are 55 patches in total, but three in particular are labeled as “Critical:” These vulnerabilities allow for remote cote execution, which makes it possible for bad actors to manipulate and run programs on your computer. The three Critical security vulnerabilities are:
- CVE-2022-30163: Windows Hyper-V Remote Code Execution Vulnerability.
- CVE-2022-30139: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability.
- CVE-2022-30136: Windows Network File System Remote Code Execution Vulnerability.
In total, there are 27 remote code execution vulnerabilities, 12 elevation of privilege vulnerabilities, 11 information disclosure vulnerabilities, three denial of service vulnerabilities, one spoofing vulnerability, and one security feature bypass vulnerability patched in this update. You can click here to see a full list of these vulnerabilities and their identifiers.
The biggest fix this time around, however, is a patch for the zero-day vulnerability known as Follina. This vulnerability, identified as CVE-2022-30190, was discovered last month: It allowed bad actors to execute PowerShell commands on victims’ machines from a simple, malicious Word document. These documents could be shared through the usual channels, such as email, and, when opened by an unsuspecting user, allowed the sender to take advantage of the PowerShell vulnerability through the Windows Microsoft Diagnostic Tool (MSDT).
According to Bleeping Computer, this exploit was utilized in attacks on U.S. government agencies, Ukrainian media organizations, and to distribute QBot malware. Its inclusion in the June 2022 Patch Tuesday makes this update essential to install. Interestingly, however, last month’s May security patch actually put out more fires than this June update: The last Patch Tuesday addressed 75 total flaws, with three zero-day exploits.
How to update Windows to install the latest patches on your PC
It’s possible your PC will install these security updates automatically. However, to make sure they’re installed as quickly as possible, go to Start > Settings > Update & Security > Windows Update (Windows 10) or Start > Settings > Windows Update (Windows 11). Allow Windows to check for any available updates: If the patch is available, you’ll see it here. Then, you can simply follow the on-screen instructions to download and install the update to your machine.
Credit: Source link