One of Microsoft’s biggest Windows 11 updates yet brought a massive number of security flaw fixes

Woman relaxing on a sofa, holding a laptop in her lap and using it
(Image credit: Shutterstock/fizkes)

Microsoft has issued a mammoth Windows 11 update that brings fixes for around 150 security flaws in the operating system, as well as fixes for 67 Remote Code Execution (RCE) vulnerabilities. RCEs enable malicious actors to deploy their code to a target device remotely, often being able to do so without a person’s consent or knowledge - so this is a Windows 11 update you definitely want to install ASAP. 

This update was rolled out on Microsoft’s Patch Tuesday (the second Tuesday of every month), a monthly update when Microsoft releases security updates. 

Three of these were classed as ‘critical’ vulnerabilities, meaning that Microsoft saw them as posing a particularly hefty risk to users. According to Bleeping Computer, more than half of the RCE vulnerabilities were found in Microsoft SQL drivers; essential software components that facilitate communication between Microsoft apps and its servers, leading to speculation that the SQL drivers share a common flaw that is being exploited by malicious users. 

The three vulnerabilities classed as ‘critical’ had to do with Windows Defender, ironically an app designed by Microsoft to protect users from online threats. 

Windows Defender extension for Chrome

(Image credit: Future)

A possibly record-setting update

KrebsonSecurity, a security news site, claims that this security update sets a record for the number of Windows 11 issues addressed, making it the largest update Microsoft has released this year (so far) and the largest released since 2017. 

The number of bugs is broken down as follows:

  • 31 Elevation of Privilege Vulnerabilities
  • 29 Security Feature Bypass Vulnerabilities
  • 67 Remote Code Execution Vulnerabilities
  • 13 Information Disclosure Vulnerabilities
  • 7 Denial of Service Vulnerabilities
  • 3 Spoofing Vulnerabilities

These spanned across several apps and functionalities, including Microsoft Office apps, Bitlocker, Windows Defender, Azure, and more. 

Two zero-day loopholes that were cause for concern

Two zero-day vulnerabilities were also addressed by Microsoft in April’s Patch Tuesday update, and apparently, they have been exploited in malware attacks. Zero-day vulnerabilities are flaws in software that potentially harmful actors find and possibly exploit before the software’s developers discover it. The zero refers to the proverbial buffer of time that developers have in terms of urgency to develop a patch to address the issue. 

Microsoft hasn’t said whether the zero-day flaws were being actively exploited, but this information was shared by Sophos (a software and hardware company) and Trend Micro (a cybersecurity platform). 

One of these has been labeled CVE-2024-26234 by Microsoft, and it’s been classed as a Proxy Drive Spoofing Vulnerability. The other, CVE-2024-29988, was classed as a SmartScreen Prompt Security Feature Bypass Vulnerability.

You can see the full list of vulnerabilities in a report by Bleeping Computer. Mashable points to the fact that Windows necessitates such a vast number of patches and changes because Windows is used as the operating system on different manufacturers’ machines and has to constantly keep up with accommodating a variety of hardware configurations.   

Some users might find Windows 11’s need for frequent updates annoying, which could lead them to consider alternative operating systems like macOS. If you’re sticking with Windows 11, KrebsonSecurity recommends that you back up your computer’s data before installing the update. I’m glad Microsoft continues to address bugs and security risks in Windows 11, even if that does mean we’re nagged to update the OS more than some of its competitors, and I would urge users to make sure that they install this update, which you can do through Windows Update if your PC hasn’t started this process already. 

YOU MIGHT ALSO LIKE...

Computing Writer

Kristina is a UK-based Computing Writer, and is interested in all things computing, software, tech, mathematics and science. Previously, she has written articles about popular culture, economics, and miscellaneous other topics.

She has a personal interest in the history of mathematics, science, and technology; in particular, she closely follows AI and philosophically-motivated discussions.

Read more
A hacker wearing a hoodie sitting at a computer, his face hidden.
Microsoft patches three worrying security flaws in its latest critical update, so update now
Representational image of a cybercriminal
Microsoft just patched a host of worrying security issues, so update now
Woman gaming on a computer at home
Microsoft finally fixes some of Windows 11’s most annoying problems with new patch
Angry businessman destroying his desk and laptop with a baseball bat
New patch for Windows 11 24H2 reportedly plays havoc with File Explorer, and some folks are claiming it's broken their PC
A laptop with the Windows 11 desktop on screen, glowing, while on a work desk
Are you unable to get security updates for Windows 11 24H2? Here’s the likely reason why, and the fix to get your PC safe and secure again
Man having Windows 11 problems with his laptop
Fed up of adverts creeping into Windows 11? You won’t like Microsoft’s latest update, then, although it does provide some important bug fixes
Latest in Software
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Apple CEO Tim Cook delivers remarks before the start of an Apple event at Apple headquarters on September 09, 2024 in Cupertino, California. Apple held an event to showcase the new iPhone 16, Airpods and Apple Watch models. (Photo by Justin Sullivan/Getty Images)
The big Siri Apple Intelligence delay proves that maybe we really don't know Apple at all
AI writer
Coding AI tells developer to write it himself
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Apple iPhone 16 Pro Max REVIEW
Apple Intelligence is a fever dream that I bet Apple wishes we could all forget about
DeepSeek on an iPhone
OpenAI calls on US government to ban DeepSeek, calling it ‘state-subsidized’ and ‘state-controlled’
Latest in News
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
AI writer
Coding AI tells developer to write it himself
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Finger Presses Orange Button Domain Name Registration on Black Keyboard Background. Closeup View
I visited the world’s first registered .com domain – and you won’t believe what it’s offering today
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock