Update Windows now to fix 50+ flaws and 3 zero-days

May 13, 2021

By Kim Komando

Microsoft releases an update for Windows every month that adds cool new features and patches critical security flaws. This month’s update fixes several serious vulnerabilities.

The update is not as big as the 108-flaw update rolled out in April, but this month’s release nonetheless corrects more than 50 vulnerabilities, four of which are labeled as critical.

The update spans several Microsoft products, like .NET Core, Visual Studio, Windows 10 and Office. So, if you use anything Microsoft, it’s a good idea to update your system.

Here’s the backstory

Microsoft also designated three flaws as “zero-day exploits.” Thankfully there are no signs that the zero-day bugs have caused trouble.

Three of the critical vulnerabilities are in .NET and Visual Studio, Microsoft Exchange Server and Common Utilities. All are Elevation of Privilege or Remote Code Execution flaws of varying severity.

But the fourth bug caught the eye of cybersecurity advocates Zero Day Initiative. Designated as CVE-2021-31166, it is an HTTP Protocol Stack Remote Code Execution flaw. That means a hacker can worm their way into your machine by simply sending a packet over a network.

“An attacker would simply need to send a specially crafted packet to an affected server. That makes this bug wormable, with even Microsoft calling that out in their write-up,” Zero Day Initiative wrote in a blog post.

As always, it’s a good idea to keep your operating system updated. Here’s how to update your Windows PC:

Click the Start Menu and tap Settings. Click Update & Security > Windows Update. From there, you’ll be able to see if updates are available for download. If not, click Check for Updates to force the process.

Adobe update

Adobe also released its May update this week. It fixes 44 vulnerabilities through 12 patches and covers InDesign, Illustrator, InCopy, Adobe Genuine Service, Acrobat, and Reader, to name but a few.

“The update for Acrobat and Reader is the highest priority. One of the 14 CVEs fixed by this patch is listed as being currently used in the wild,” Zero Day Initiative wrote.

Other important Adobe patches correct several issues of elevated privileges, accessing compromised machines through infected PDF files and remote execution bugs.

https://www.komando.com/tips/windows/windows-update-fixes-zero-day-flaws/