Microsoft Windows 11 Security Updates Are Out, 2 Zero-Days Fixed

Microsoft's latest Patch Tuesday for Windows 11 addresses a wide range of vulnerabilities, including two critical zero-day flaws that are already being exploited.

A total of 117 security flaws were fixed, with the most severe being a critical flaw in the Microsoft Management Console and another in the Windows MSHTML Platform.

Zero-day flaws

• CVE-2024-43572: A vulnerability in the Microsoft Management Console (MMC) allows attackers to execute arbitrary code on a compromised system. This issue, which is already being exploited, carries a CVSS score of 7.8.
• CVE-2024-43573: This bug in the Windows MSHTML Platform is a remote code execution vulnerability that also has evidence of active exploitation. It has a CVSS score of 6.5, marking it as a serious concern for users.

Both of these vulnerabilities can lead to a full system compromise if exploited successfully, giving attackers control over a target machine. Microsoft's fixes aim to neutralize these threats, preventing further exploitation.

Other important flaws addressed

The update also covers a number of high-severity issues across various Windows components:

• CVE-2024-30092: A flaw in Windows Hyper-V with an 8.0 CVSS score could lead to privilege escalation.
• CVE-2024-38124: A critical issue in Windows Netlogon, with a 9.0 CVSS score, affects domain controllers and could allow attackers to compromise the integrity of network authentication protocols.
• CVE-2024-43468: A 9.8 CVSS vulnerability in Microsoft Configuration Manager that could lead to remote code execution, making it a high-priority patch for IT administrators.

Windows 11 Version 22H2 end of service

With this release, Microsoft has officially ended support for Windows 11 version 22H2 Home and Pro editions, effective October 8, 2024. Users still on this version are strongly advised to upgrade to the latest version, Windows 11 version 23H2, to continue receiving security and non-security updates. Enterprise and Education editions will still receive updates past this date.

How to update

Users can install the latest security update (KB5044285) automatically via Windows Update. Those managing updates manually can download them through the Microsoft Update Catalog or the Windows Server Update Services (WSUS). The update is bundled with a servicing stack update (KB5046247), ensuring that future updates are installed correctly.

To apply the latest Windows 11 update:

Go to Settings > Windows Update and click Check for updates.

A system restart will be required after completing the download to install the update and apply the changes.

This update is crucial for maintaining system security and mitigating known exploits actively used by attackers, so its application shouldn't be delayed.