If you haven’t updated your PC in a while, it’s highly recommended that you install the latest security update from Microsoft as it patches a total of 132 flaws including six actively exploited zero-day vulnerabilities.
As reported by BleepingComputer, Microsoft’s July 2023 Patch Tuesday updates also address 37 remote code execution vulnerabilities. To make matters worse, one of these flaws has yet to be patched and is currently being actively exploited by hackers in their attacks.
Of the 132 flaws fixed in this latest security update for Windows, 33 are elevation of privilege vulnerabilities, 13 are security feature bypass vulnerabilities, 37 are remote code execution vulnerabilities, 19 are information disclosure vulnerabilities, 22 are denial of service vulnerabilities and 7 are spoofing vulnerabilities. It’s worth noting that the software has not fixed any vulnerabilities in Microsoft Edge at this time.
You can find the full list of flaws fixed in this month’s Patch Tuesday updates in this update guide from Microsoft but we’ll go into further detail about the six zero-days below.
Actively exploited vulnerabilities
Among these 132 flaws, six are zero-day vulnerabilities that have been exploited by hackers in cyberattacks against businesses and individuals.
The first of which is a Windows MSHTML platform elevation of privilege vulnerability (tracked as CVE-2023-32046). This zero-day is being exploited by hackers by tricking unsuspecting users to open a specially crafted file through emails or malicious websites.
Next up, we have a Windows SmartScreen security feature bypass vulnerability (tracked as CVE-2023-32049) that attackers are exploiting to prevent the Open File - Security Warning prompt from appearing when a user goes to download and open files from the internet.
There’s also a Windows error reporting service elevation of privilege vulnerability (tracked as CVE-2023-36874) that lets an attacker gain administrative privileges on a vulnerable Windows device. Fortunately though, they would need to have local access to a Windows PC to exploit it.
Microsoft has also provided guidance for an Office and Windows HTML remote code execution vulnerability (tracked as CVE-2023-36884) that makes it possible to execute remote code on a Windows machine by having victims open a specially-crafted Microsoft Office document. The malicious files used to exploit this flaw would likely be delivered to victims via phishing emails. Unlike the other zero-days in this list, this one has yet to be patched but a fix will likely arrive in next month’s Patch Tuesday updates.
Finally, Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook (tracked as CVE-2023-3531) that can be used by an attacker to bypass security warnings in the preview pane of its email service.
How to keep your Windows PC safe from hackers
The first step to protecting the best Windows laptops and desktops from hackers is to keep them up to date by installing the latest security patches. I know those long Windows Updates can be annoying but when they contain fixes for zero-day vulnerabilities and other dangerous bugs like the ones described above, you shouldn’t hold off on installing them.
Besides this, you also want to make sure you’re running some of the best antivirus software on your PC. If you’re on a tight budget, Microsoft’s built-in antivirus software Windows Defender can help scan your PC for malware and keep you safe from other cyberthreats.
While 132 bugs may sound like a lot, at least Microsoft’s security team is taking the time to patch them in order to keep Windows users safe, especially when six of these flaws are already being used by hackers in their attacks.