As usual, Microsoft has released the April update package for Windows computers on “patch Tuesday,” the second Tuesday of the month.
The update fixed at least 110 vulnerabilities in Windows, of which a record 19 have been classified as critical.
This means they allow the system to be hijacked without the need to deceive its user into doing anything, says Krebs on Security.
According to Krebs, four holes were reported to Microsoft by the U.S. Security Agency (NSA).
In the past, the agency is known to have left openings unreported, as it has itself used them for espionage and attack purposes.
Read more: NSA assures its goodness, F-Secure does not quite believe
This may still be true.
It is also possible that the vulnerabilities have been reported to Microsoft after they have been used by other cyber players.
According to security company Kaspersky Lab, at least one vulnerability is likely to have already been used in the attacks.
This is a vulnerability in the “sandbox” of a web browser, i.e. in a closed and protected environment.
A broken browser sandbox usually refers to attacks made through websites.
The update includes several fixes for zero-day vulnerabilities.
At least one of these is a vulnerability in Exchange mail servers.
Other gaps were also patched in the exchange.
Similar attack techniques against ProxyLogon, which were released to the public before the updates, enabled a series of global breaches, of which there are at least dozens in Finland as well.
The attacks involved, among other things, access to organizations' e-mails and intrusion into their networks.
Read more: There is a silent disaster going on online - “dozens or hundreds of Vastamo-type data breaches”
Read more: 66 burglaries for Finnish e-mail servers - this is how the authority commented on the series of attacks
Microsoft has been working to curb the epidemic in the past with emergency patches.
The Edge Browser and Office 365 also address a number of vulnerabilities.
In addition, the “old” Edge will be phased out and replaced with a Chromium-based version now, says Bleeping Computer.
This browser is very much like Chrome.
Read more: Microsoft is starting to push forced updates to procrastinators on Windows machines
If you have not changed the settings on your computer, the update should install itself over time.
To ensure that the patches are installed immediately, type Windows Update in the search at the bottom of Windows 10, and then click Windows Update Options.
In the menu that opens, press the Check for Updates button.
Windows may start downloading new updates that require a restart to install.
You may also see a notification in the menu that updates are available and a Download button below them.
Pressing it will start the installation.Keywords: