Microsoft released updates to address over 50 security vulnerabilities in Windows and related software on Patch Tuesday. This month’s release was considered to be relatively light for Windows users. Additionally, Microsoft responded to criticism regarding a new feature in its flagship operating system that takes constant screenshots of user activity.
Last month, Microsoft introduced Copilot+ PCs, which include a feature called Recall. Recall constantly captures screenshots of the user’s activities on their PC, a feature that security experts likened to a keylogger. Concerns were raised about the potential risks if a user’s PC was compromised with malware, as attackers could potentially access sensitive information.
Despite Microsoft’s assurance that Recall snapshots remain on the user’s system and cannot be exfiltrated by attackers, security analyst Kevin Beaumont demonstrated how any user on the system, even a non-administrator, could export Recall data stored in a local SQLite database. The widespread criticism of Recall led Microsoft to announce that the feature would no longer be enabled by default on Copilot+ PCs.
Among the security vulnerabilities addressed in the updates, one critical flaw (CVE-2024-30080) in the Microsoft Message Queuing (MSMQ) service stood out. This vulnerability could allow attackers to execute malicious code remotely without any user interaction, prompting Microsoft to advise users to disable the vulnerable component if immediate patching is not possible.
Another critical vulnerability (CVE-2024-30078) was discovered in the Windows WiFi Driver, with potential for remote code execution. The flaw could be exploited by an unauthenticated attacker sending malicious data packets to devices on the same network, assuming access to the local network.
Microsoft also fixed several security issues in its Office applications, including remote code execution flaws. Adobe released security updates for products like Acrobat, ColdFusion, and Photoshop.
Windows admins are advised to review the individual patches released on Patch Tuesday, categorized by severity and exploitability, as published by the SANS Internet Storm Center. Early reports of any problematic Windows patches can often be found on AskWoody.com.
In conclusion, Microsoft’s Patch Tuesday addressed numerous security vulnerabilities, including critical flaws in Windows and related software. The decision to disable the Recall feature by default on Copilot+ PCs reflects the company’s responsiveness to user feedback and concerns about potential security risks. Windows users are encouraged to apply the latest updates to protect their systems from potential threats.