As long as there are computers, there will be bugs crawling around inside them. You know, metaphorically. Lucky for us Windows users, Microsoft has just squashed another batch of them. If you use a PC and you haven’t installed this update yet, you’re going to want to do so immediately.
As reported by Bleeping Computer, Microsoft released its March 2022 update on Patch Tuesday. The update contains patches for 71 known vulnerabilities, ranging from issues like elevation of privilege, denial of service, and spoofing. In addition, the company fixed 21 Chromium vulnerabilities for Microsoft Edge.
Patching security flaws is always important, and you should install every patch to protect yourself against whatever issues Microsoft has identified. However, this time around there are three flaws that are potentially more dangerous than the others:
- CVE-2022-21990 – Remote Desktop Client Remote Code Execution Vulnerability
- CVE-2022-24459 – Windows Fax and Scan Service Elevation of Privilege Vulnerability
- CVE-2022-24512 – .NET and Visual Studio Remote Code Execution Vulnerability
These three entries are known as zero-day vulnerabilities, meaning the flaws have been publicly identified as known threats already. Unlike the other issues Microsoft patched, these vulnerabilities were known to everyone paying attention, meaning bad actors could have found a way to exploit them. While Microsoft says none of the vulnerabilities were actively exploited, the company acknowledged there have been proof-of-concept exploits for CVE-2022-21990 and CVE-2022-24459.
According to Bleeping Computer, Microsoft thinks these other two vulnerabilities are also likely to be exploited in due time:
- CVE-2022-24508 – Windows SMBv3 Client/Server Remote Code Execution Vulnerability
- CVE-2022-23277 – Microsoft Exchange Server Remote Code Execution Vulnerability
Security patches are a double-edge sword (weighing heavily, of course, on the side of good). On the one hand, Microsoft is patching security issues that could, in theory, be used against you. On the other, now that all bugs are out in the open, and all are now patched, bad actors could take a closer look at them and come up with ways to harm users who haven’t updated yet.
That makes it imperative you update your PC as soon as possible.
How to update your PC to install the latest security patches
Windows might just let you know you have an update available, and begin installing it automatically. If not, you’ll need to check for an update manually to get things moving along.
To do so, head to Start > Settings > Update & Security > Windows Update (Windows 10) or Start > Settings > Windows Update (Windows 11). From here, Windows might take a moment to check for any available updates. If the patch is available, you’ll see it here. Then, you can simply follow the on-screen instructions to download and install the update to your machine.