An emergency update to Windows fixes security flaws, including two zero-day

As part of the February 2024 Patch Tuesday Update, Microsoft released a fix that addresses 73 security flaws across its entire product lineup, from Windows to Office.

According to Microsoft's support documentation, five of these 73 vulnerabilities are rated "critical," while the remaining vulnerabilities all have Common Vulnerability Scoring System (CVSS) scores of 5 or higher. While most of these security flaws have not yet been exploited in cyber attacks, the two zero-day vulnerabilities that Microsoft has patched are being actively exploited by hackers.

According to The Hacker News, in addition to updating Windows, you should also install the latest version of Microsoft Edge, as 24 flaws have been patched since the Patch Tuesday update release last month.

Here's what you need to know about the latest Patch Tuesday Update and why you should install it now, along with tips on how to protect your PC from hackers.

Most of these flaws are unlikely to be exploited by hackers, but there are four that Microsoft believes could be used in potential attacks. These include a flaw in Microsoft Office, a flaw in Outlook, a flaw related to Windows kernel drivers, and a flaw in the Windows kernel itself. However, it is the two zero-days patched in this update that are actually worth worrying about.

The first zero-day (tracked as CVE-2024-21351) is a bypass of the Windows SmartScreen security feature, which has a CVSS score of 7.6 out of 10. This vulnerability can be exploited by hackers to inject code into SmartScreen and potentially leak data. However, in order to use this flaw in an attack, an attacker must first send a malicious file to a potential victim and get them to open it.

The second zero-day (tracked as CVE-2024-21412) is a bypass of the Internet Shortcut Files security feature with a CVSS score of 8.1 out of 10. It is more dangerous because it can be used by unauthenticated attackers to send specially crafted files to potential victims, bypassing the security checks that are normally displayed. However, as with the other zero-day in this Patch Tuesday update, the hacker who exploits it needs to convince the victim to click on a link in the file for the attack to work.

According to a blog post by Malwarebytes, both of these zero-day exploits affect Microsoft's Mark of the Web (MOTW) technology, which causes Windows to display a pop-up warning message when users attempt to open files downloaded from the Internet. If this pop-up is not displayed, Windows users may end up installing dangerous software on their PCs that they did not authorize.
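To see which files on a PC actually carry the mark described above, here is an added example (not from the article or from Microsoft). On NTFS, the Mark of the Web is stored in an alternate data stream named `Zone.Identifier`, and the script parses that stream and reports the zone for each file in a folder. The sample stream text and the choice of the Downloads folder are assumptions made for illustration.

```python
import os
import sys

# URL security zones used in the ZoneId field of the Zone.Identifier stream.
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def parse_zone_identifier(text):
    """Return the integer ZoneId from Zone.Identifier stream text, or None."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading byte-order mark
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None  # malformed value: treat as unmarked
    return None

def has_motw(text):
    """True when the stream marks the file as Internet (3) or Restricted (4)."""
    zone = parse_zone_identifier(text or "")
    return zone is not None and zone >= 3

def read_stream(path):
    """Read the Zone.Identifier alternate data stream (NTFS, Windows only)."""
    try:
        with open(path + ":Zone.Identifier", "r",
                  encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream present: the file carries no mark

def audit(folder):
    """Yield (file name, zone label) for every regular file in folder."""
    for entry in os.scandir(folder):
        if entry.is_file():
            zone = parse_zone_identifier(read_stream(entry.path) or "")
            label = "no mark" if zone is None else ZONES.get(zone, f"zone {zone}")
            yield entry.name, label

# Constructed sample of the stream a browser writes for a downloaded file.
SAMPLE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/setup.exe\r\n"

if __name__ == "__main__" and sys.platform == "win32":
    for name, label in audit(os.path.expanduser("~/Downloads")):
        print(f"{label:17} {name}")
```

A downloaded installer or shortcut that shows up as "no mark" will not trigger the warning pop-up when opened, so it deserves a closer look before anyone runs it.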

As with the best MacBooks, the easiest way to protect your Windows laptop from hackers is to install updates as soon as they become available. This may be a bit inconvenient, but hackers love to target devices that have not been updated despite the availability of fixes.

Here's how to update Windows 11 and here's how to update Windows 10. But often, when a major update becomes available, Windows downloads it in the background and applies it the next time you reboot your PC.

Microsoft Defender may be sufficient for your new laptop, but if you want additional protection, you may want to use one of the best antivirus software solutions in parallel. Similarly, using one of the best password managers will help protect your online accounts while preventing password reuse.

If you use one of the best Windows laptops, it is worth noting that Microsoft's Patch Tuesday Update is released on the second Tuesday of every month. That way, you can plan your work around the updates so that you are not interrupted while doing something important.
