If you haven’t updated your PC in a while, it’s recommended to install the latest security update from Microsoft, as it patches a total of 132 vulnerabilities, including six that are actively exploited. Zero-day vulnerability.
Reported by Bleeping computerMicrosoft’s July 2023 Patch Tuesday updates also address 37 Remote code execution Vulnerabilities. To make matters worse, one of these flaws has yet to be fixed and is currently being actively exploited by hackers in their attacks.
Of the 132 vulnerabilities addressed in this latest security update for Windows, 33 are elevation of privilege vulnerabilities, 13 are security feature bypass vulnerabilities, 37 are remote code execution vulnerabilities, 19 are information disclosure vulnerabilities, and 22 are denial of service vulnerabilities. Vulnerabilities. It should be noted that the software has not fixed any bugs Microsoft Edge at this time.
You can find the full list of bugs fixed in this month’s Patch Tuesday updates here Update guide from Microsoft But we’ll go into more detail about the six zero days below.
Vulnerabilities that are actively exploited
Of these 132 vulnerabilities, six were zero-day vulnerabilities exploited by hackers in cyberattacks against businesses and individuals.
The first of which is a Windows MSHTML platform elevation of privilege vulnerability (tracked CVE-2023-32046). These zero-day hackers exploit by tricking unsuspecting users into opening a specially crafted file via emails or malicious websites.
Next, we have a Windows SmartScreen security feature bypass vulnerability (tracked as CVE-2023-32049) is being exploited by attackers to prevent the Open File – Security Warning prompt from appearing when a user is about to download and open files from the Internet.
There is also an elevation of privilege vulnerability for a Windows Error Reporting Service (tracked by CVE-2023-36874) which allows an attacker to gain administrative privileges on a vulnerable Windows device. Fortunately, they need local access to a Windows PC to take advantage of it.
Microsoft has provided guidance for an Office and Windows HTML remote code execution vulnerability (tracked CVE-2023-36884) enables victims to execute remote code on a Windows machine by opening a specially crafted Microsoft Office document. Malicious files used to exploit this flaw are likely to be delivered to victims Phishing emails. Unlike the other zero days on this list, it hasn’t been patched yet, but there will be a fix in next month’s Patch Tuesday updates.
Finally, an actively exploited zero-day vulnerability in Microsoft Outlook has been fixed (tracked CVE-2023-3531) that an attacker could use to bypass security warnings in the preview pane of its email service.
How to Secure Your Windows PC from Hackers
The first step to saving Best Windows Laptops Keeping desktops up-to-date from hackers is by installing the latest security patches. I know all that Windows updates While they may be annoying but contain fixes for zero-day vulnerabilities and other dangerous bugs like the ones described above, don’t put off installing them.
In addition to this, you also want to make sure that you run some Best antivirus software on your PC. If you’re on a tight budget, Microsoft’s built-in antivirus software Windows Defender Scan your PC for malware and help keep you safe from other cyber threats.
While 132 bugs may seem like a lot, at least Microsoft’s security team is taking the time to patch them to keep Windows users safe, especially when these six flaws are already being used by hackers in their attacks.