Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Don’t leave it too late to update your PC.
Microsoft users are under attack. This month’s Patch Tuesday addresses another six actively exploited vulnerabilities amongst dozens of other fixes. This has prompted the U.S. cyber defense agency to warn users to update PCs by April 1st or turn them off.
Trend Micro’s Zero Day Initiative describes “the number of actively exploited bugs [as] extraordinary.” And while those half-dozen zero-days will take the headlines, there are other “frightening-looking bugs” as well. In total, Microsoft has released “56 new CVEs in Windows and Windows Components, Office and Office Components, Azure, .NET and Visual Studio, Remote Desktop Services, DNS Server, and Hyper-V Server… With the addition of the third-party CVEs, the entire release tops out at 67 CVEs.”
As The Register puts it, the update includes “a dirty dozen flaws competing for your urgent attention – six of them rated critical and another six already being exploited by criminals.” This month’s CVEs can be found here, listed by severity. What is clear is this is certainly not the time to put security updates at risk.
And on that note, this update is particularly interesting — as will be each one through to October — as there remain some 800 million users on Windows 10, which will end security updates on October 14th. Perhaps as many as 240 million of those Windows 10 holdouts do not have PCs capable of a free Windows 11 upgrade. Most of the others — one expects/hopes — will shift to Windows 11 before the deadline.
As I reported earlier this week, after an alarming end to 2024 with Windows 10 building back market share at Windows 11’s expense, we’re now getting back on track. Around 2% of the install base seems to be moving across each month, with Windows 10 now down below 60% for the first time and Windows 11 bumping up toward 40%.
Microsoft is shutting down workarounds and reinforcing that Windows 11 upgrades are only available for those with a fully licensed Windows 10 machine capable of the leap. Its guidance — now front and center with its updates — warns “support for Windows 10 will end in October 2025. After October 14, 2025, Microsoft will no longer provide free software updates from Windows Update, technical assistance, or security fixes for Windows 10. Your PC will still work, but we recommend moving to Windows 11.”
Those with Windows 10 PCs not capable of an upgrade need to act before the deadline hits and security updates cease. The sheer scale of exploited vulnerabilities thus far this year illustrates just how risky it will be to leave PCs exposed. If you’d rather pay $30 and buy yourself an extra year, rather than fund a new machine, then do that. Actively exploited vulnerabilities are stacking up month by month, and the longer you leave a device exposed, the more vulnerable you become to an attack.
Per Dark Reading, this is a “whopping number of Microsoft zero-days under attack,” and a number of fixes that is “the company’s second-largest ever.” As October nears, you can expect to read more about those being pushed to upgrade PCs when they cannot afford to do so, and the scale of landfill from hundreds of millions of PCs being rendered useless all at once. None of that changes the fundamentals, though.
You need to act before it’s too late.
