(Credit: Hamara/Shutterstock.com)
New updates for Windows 10 and 11 PCs include a fix for a high-severity bug that's been actively exploited, according to posts on Microsoft's website.
The flaw—a "Common Log File System Driver Elevation of Privilege Vulnerability" named CVE-2024-49138—could give an attacker system privileges. This means they could gain access to your PC and compromise it at a level that's higher than admin privileges. The bug is a heap-based buffer overflow bug, meaning it's tied to a memory issue.
IT software firm Ivanti says this bug impacts all Windows operating systems back to Server 2008, and a Microsoft page describing the bug confirms that Windows 10 versions, Windows 11 versions, and Windows Server operating systems are vulnerable to this exploit until they install the latest update. The US Cybersecurity and Infrastructure Security Agency (CISA) also posted about the update and encouraged individuals and businesses to update their Windows PCs.
Microsoft's Tuesday update for Windows resolves 70 potential exploits, so it's worth updating your PC for more than just the aforementioned bug. "Risk-based prioritization would rate this vulnerability as Critical, which makes the Windows OS update this month your top priority," Ivanti said in its summary of the update.
Security updates were also released on Tuesday for Adobe products, including Photoshop, InDesign, Premiere Pro, and others.
If you're using Windows, it's a good idea to keep Microsoft Defender enabled to protect your PC. If you want additional protection, however, there are other antivirus programs out there as well as download blockers to keep your computer safe.
Microsoft is extending security updates for Windows 10 beyond 2025 if you're not ready to move to Windows 11, but you'll have to pay for that support. It'll cost businesses $61 per device per year and education clients just $1 for the first year; it's $30 for consumers for one year.