Urgent Windows update patches over 100 flaws — update your PC now


If you haven’t updated your PC in a while, it’s highly recommended that you install the latest security update from Microsoft as it patches a total of 132 flaws including six actively exploited zero-day vulnerabilities.

As reported by BleepingComputer, Microsoft’s July 2023 Patch Tuesday updates also address 37 remote code execution vulnerabilities. To make matters worse, one of these flaws has yet to be patched and is currently being actively exploited by hackers in their attacks.

Of the 132 flaws fixed in this latest security update for Windows, 33 are elevation of privilege vulnerabilities, 13 are security feature bypass vulnerabilities, 37 are remote code execution vulnerabilities, 19 are information disclosure vulnerabilities, 22 are denial of service vulnerabilities and 7 are spoofing vulnerabilities. It’s worth noting that this update does not fix any vulnerabilities in Microsoft Edge at this time.

You can find the full list of flaws fixed in this month’s Patch Tuesday updates in this update guide from Microsoft, but we’ll go into further detail about the six zero-days below.

Actively exploited vulnerabilities


Among these 132 flaws, six are zero-day vulnerabilities that have been exploited by hackers in cyberattacks against businesses and individuals.

The first is a Windows MSHTML platform elevation of privilege vulnerability (tracked as CVE-2023-32046). Hackers are exploiting this zero-day by tricking unsuspecting users into opening a specially crafted file delivered through emails or malicious websites.

Next up, we have a Windows SmartScreen security feature bypass vulnerability (tracked as CVE-2023-32049) that attackers are exploiting to prevent the Open File - Security Warning prompt from appearing when a user downloads and opens files from the internet.

There’s also a Windows Error Reporting Service elevation of privilege vulnerability (tracked as CVE-2023-36874) that lets an attacker gain administrative privileges on a vulnerable Windows device. Fortunately though, they would need to have local access to a Windows PC to exploit it.

Microsoft has also provided guidance for an Office and Windows HTML remote code execution vulnerability (tracked as CVE-2023-36884) that makes it possible to run code remotely on a Windows machine by having victims open a specially crafted Microsoft Office document. The malicious files used to exploit this flaw would likely be delivered to victims via phishing emails. Unlike the other zero-days in this list, this one has yet to be patched, but a fix will likely arrive in next month’s Patch Tuesday updates.

Finally, Microsoft has fixed an actively exploited zero-day vulnerability in Microsoft Outlook (tracked as CVE-2023-3531) that can be used by an attacker to bypass security warnings in the preview pane of its email service.

How to keep your Windows PC safe from hackers

The first step to protecting the best Windows laptops and desktops from hackers is to keep them up to date by installing the latest security patches. I know those long Windows Updates can be annoying but when they contain fixes for zero-day vulnerabilities and other dangerous bugs like the ones described above, you shouldn’t hold off on installing them.

Besides this, you also want to make sure you’re running some of the best antivirus software on your PC. If you’re on a tight budget, Microsoft’s built-in antivirus software Windows Defender can help scan your PC for malware and keep you safe from other cyberthreats.

While 132 bugs may sound like a lot, at least Microsoft’s security team is taking the time to patch them in order to keep Windows users safe, especially when six of these flaws are already being used by hackers in their attacks.


Anthony Spadafora
Senior Editor Security and Networking
