Urgent Windows update patches over 100 flaws — update your PC now
Latest update patches 132 flaws including 6 zero-day vulnerabilities
If you haven’t updated your PC in a while, it’s highly recommended that you install the latest security update from Microsoft as it patches a total of 132 flaws including six actively exploited zero-day vulnerabilities.
As reported by BleepingComputer, Microsoft’s July 2023 Patch Tuesday updates also address 37 remote code execution vulnerabilities. To make matters worse, one of these flaws has yet to be patched and is currently being actively exploited by hackers in their attacks.
Of the 132 flaws fixed in this latest security update for Windows, 33 are elevation of privilege vulnerabilities, 13 are security feature bypass vulnerabilities, 37 are remote code execution vulnerabilities, 19 are information disclosure vulnerabilities, 22 are denial of service vulnerabilities and 7 are spoofing vulnerabilities. It’s worth noting that the software has not fixed any vulnerabilities in Microsoft Edge at this time.
You can find the full list of flaws fixed in this month’s Patch Tuesday updates in this update guide from Microsoft but we’ll go into further detail about the six zero-days below.
Actively exploited vulnerabilities
Among these 132 flaws, six are zero-day vulnerabilities that have been exploited by hackers in cyberattacks against businesses and individuals.
The first of which is a Windows MSHTML platform elevation of privilege vulnerability (tracked as CVE-2023-32046). This zero-day is being exploited by hackers by tricking unsuspecting users to open a specially crafted file through emails or malicious websites.
Next up, we have a Windows SmartScreen security feature bypass vulnerability (tracked as CVE-2023-32049) that attackers are exploiting to prevent the Open File - Security Warning prompt from appearing when a user goes to download and open files from the internet.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
There’s also a Windows error reporting service elevation of privilege vulnerability (tracked as CVE-2023-36874) that lets an attacker gain administrative privileges on a vulnerable Windows device. Fortunately though, they would need to have local access to a Windows PC to exploit it.
Microsoft has also provided guidance for an Office and Windows HTML remote code execution vulnerability (tracked as CVE-2023-36884) that makes it possible to execute remote code on a Windows machine by having victims open a specially-crafted Microsoft Office document. The malicious files used to exploit this flaw would likely be delivered to victims via phishing emails. Unlike the other zero-days in this list, this one has yet to be patched but a fix will likely arrive in next month’s Patch Tuesday updates.
Finally, Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook (tracked as CVE-2023-3531) that can be used by an attacker to bypass security warnings in the preview pane of its email service.
How to keep your Windows PC safe from hackers
The first step to protecting the best Windows laptops and desktops from hackers is to keep them up to date by installing the latest security patches. I know those long Windows Updates can be annoying but when they contain fixes for zero-day vulnerabilities and other dangerous bugs like the ones described above, you shouldn’t hold off on installing them.
Besides this, you also want to make sure you’re running some of the best antivirus software on your PC. If you’re on a tight budget, Microsoft’s built-in antivirus software Windows Defender can help scan your PC for malware and keep you safe from other cyberthreats.
While 132 bugs may sound like a lot, at least Microsoft’s security team is taking the time to patch them in order to keep Windows users safe, especially when six of these flaws are already being used by hackers in their attacks.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.