If you haven’t updated your computer in a while, it is highly recommended that you install the latest security update from Microsoft because it patches a total of 132 flaws including six that are actively exploited. Zero-day vulnerabilities.
As I mentioned ComputerMicrosoft Updates July 2023 Patch Tuesday also addresses 37 Remote code execution vulnerabilities. To make matters worse, one of these flaws has not yet been fixed and is currently being exploited by hackers in their attacks.
Of the 132 flaws fixed in this latest Windows security update, 33 are elevation security vulnerabilities, 13 are security feature bypass vulnerabilities, 37 are remote detection vulnerabilities, and 19 are detection vulnerabilities. Information, 22 represent denial of service vulnerabilities and 7 impersonation vulnerabilities. It should be noted that the program did not fix any security vulnerabilities Microsoft Edge at this time.
You can find the full list of bugs fixed in this month’s Patch Tuesday updates here Update guide from Microsoft But we’ll go into more detail about the Six Days of Zero below.
Actively exploit vulnerabilities
Of these 132 flaws, six of them are zero-day vulnerabilities that have been exploited by hackers in cyberattacks against companies and individuals.
The first of these is the Windows MSHTML platform’s elevation of privilege weakness (tracked as CVE-2023-32046). This zero-day exploit is being exploited by hackers by tricking unsuspecting users into opening a specially created file through malicious emails or websites.
Next, we have the Windows SmartScreen security feature to bypass the vulnerability (tracked as CVE-2023-32049) attackers exploit to prevent the “File Opening – Security Warning” prompt from appearing when a user goes to download and open files from the Internet.
There is also a bug in the Windows Error Reporting Service, which is raising a privilege vulnerability (tracked as CVE-2023-36874) allows an attacker to gain administrative privileges on a vulnerable Windows machine. Fortunately, they will need local access to a Windows PC to exploit it.
Microsoft also provided guidance about a remote code execution vulnerability for Office and Windows HTML (tracked as CVE-2023-36884) makes it possible to remotely execute code on a Windows machine by having victims open a specially prepared Microsoft Office document. Malicious files used to exploit this flaw could potentially be delivered to victims via Phishing emails. Unlike the other zero days on this list, this one hasn’t been patched yet, but a fix will likely arrive in Patch Tuesday updates next month.
Finally, Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook (tracked as CVE-2023-3531) that an attacker can use to bypass security warnings in the preview pane of their email service.
How to keep your Windows computer safe from hackers
The first step to protection The best Windows laptops And the desktops of hackers are updated by installing the latest security patches. I’ve known those for a long time Windows updates They can be annoying but when they contain fixes for zero-day vulnerabilities and other serious bugs like the ones shown above, you should not stop installing them.
In addition to that, you also want to make sure that some The best antivirus software on your computer. If you’re on a budget, Microsoft’s built-in antivirus is for you Windows Defender It can help scan your computer for malware and keep you safe from other cyber threats.
While 132 bugs may seem like a lot, Microsoft’s security team at least takes the time to fix them in order to keep Windows users safe, especially when six of these flaws are already being used by hackers in their attacks.
More Tom’s guide
[ad_2]