
Microsoft Patch Tuesday Fixes 132 Vulnerabilities, Addresses 6 Zero-Days

The company has deployed a barrage of critical updates, so update your system before you even read this article. But then read this article while it's running.
By Josh Norem

PC enthusiasts and system admins alike have always been fond of Patch Tuesday, which is when Microsoft drops its latest security updates for its wide array of products. The one that dropped this week was a humdinger, addressing six zero-day attacks, which is a lot for one patch. Overall, it fixes 132 vulnerabilities; of those, 122 were marked "critical," with nine labeled "important." There was also a single issue that received no rating. Regardless, you should walk over to your PC now and hit the Windows Update button to ensure your system is secure.

Microsoft had acknowledged only one of the six zero-day exploits; more on that below. Companies don't typically announce that a zero-day exists, for obvious reasons. Microsoft classifies a threat as a "zero-day" if it has already been disclosed by a third party or if it is being actively exploited without an existing fix, according to Bleeping Computer. Overall, the vulnerabilities include 33 for elevation of privilege, 13 that bypassed security warnings, 37 for remote code execution, 19 for information disclosure, 22 for denial of service, and 7 for spoofing. Despite Microsoft's extensive fixes, none are for its Edge browser.


The six most critical vulnerabilities were being actively exploited by bad actors, and they typically involved opening links or documents that hackers sent to people. For example, CVE-2023-32049 bypasses the Windows Security Screen that would appear when you tried to open a downloaded file. CVE-2023-32046 is similar in that it allows for the elevation of privileges when opening a specially crafted file. If you needed another reminder to be wary of opening attachments in emails, or files you downloaded, here it is.

Microsoft also addressed a zero-day that is being actively exploited but for which no current fix exists. It's called CVE-2023-36884, and it targets Windows and Office with, again, specially crafted documents that allow remote code execution. Microsoft notes the attacker has to convince the victim to open the file, allowing them to do their worst. The company is still investigating this and will release an out-of-cycle update shortly. It thinks the hacker group formerly known as RomCom is behind this attack.

Additionally, Microsoft has taken action against so-called rootkit attacks involving drivers that were signed by Microsoft and used maliciously. Cisco Talos reported this one and says the rootkit intercepts browser traffic for Chrome, Edge, Firefox, and browsers used in China. Microsoft has suspended the developer accounts abusing this policy and revoked the related security certificates.
