Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks.
Four of the flaws fixed in this patch batch earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.
Top of the critical heap is CVE-2021-40444, which affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. Microsoft warned attackers already are exploiting the flaw through Microsoft Office applications as well as IE.
The critical bug CVE-2021-36965 is interesting, as it involves a remote code execution flaw in “WLAN AutoConfig,” the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.
A similar vulnerability — CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,” Liska said. “That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation.
How to manually check for Updates in Windows 10
Open Start Menu and click on Settings > Update & Security settings
Here, press on the Check for updates button.
If any updates are available, they will be offered to you.
If Windows Update says that your PC is up to date, it means that you have all the updates that are currently available for your system.
If you are looking for details on the latest updates, click on the Details link. More details about the updates will then be shown to you.
If you need more information about the updates, click on the Learn more link. Every update comes with a KB number. Here for example you can see update KB3103688 being offered. You could search on your favorite search engine using this KB number. Relevant results about the update are sure to be offered.
You can make your Windows 10 receive updates for other Microsoft products and software, like Office, when you update Windows.