Microsoft released a vital new update yesterday, resolving nearly 100 issues leaving your Windows 10 PC vulnerable to cyber attacks. If you own a device that runs on Windows 10, it is best that you install this update as soon as you can, in order to protect yourself from criminals online looking to steal your data. On Tuesday, Microsoft released its April 2023 patch, which fixed a total of 97 flaws, of which one was an actively exploited zero-day vulnerability.
For those not aware zero-day means the glitch has already been spotted by hackers and is being actively exploited in the wild.
Microsoft classifies a vulnerability as “zero-day” if the issue is publicly disclosed, or is being actively exploited by criminals, while the company has no official fix available.
Of these 97 issues, seven of them had been classified as being “critical” for allowing remote code execution.
This means that hackers could have used this flaw to access your computer remotely and make changes to it, or steal your data.
According to BleepingComputer, the number of bugs in each vulnerability category are:
20 Elevation of Privilege Vulnerabilities
8 Security Feature Bypass Vulnerabilities
45 Remote Code Execution Vulnerabilities
10 Information Disclosure Vulnerabilities
9 Denial of Service Vulnerabilities
6 Spoofing Vulnerabilities
In a statement, Microsoft highlighted the zero-day threat writing: “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.”
The flaw, which was discovered by Genwei Jiang with Mandiant and Quan Jin with DBAPPSecurity WeBin Lab, was described as a privilege elevation vulnerability.
This is another type of network attack which is used by hackers to gain unauthorized access to systems within a security perimeter.
Meanwhile, Microsoft also issued a patch for remote code execution threats that were found in Office, Word, and Publisher.
While they were not being exploited so far, these threats were so serious that you could be besieged by crooks by simply opening a suspicious Word document.
These types of flaws are commonly used in phishing attacks, which means that hackers will often look for ways to exploit these problems for use in malware distribution campaigns.
BBC Scam Interceptors: Hackers reveal tricks of trade
To protect your computer from being attacked, it is advised that you should update your Windows immediately.
How to update Windows 10
If you’d like to install it immediately, click on the start button and head to settings.
Next, head to “Update & Security” and click on the “Windows Update” page.
Select “Check for updates”. If an update is available, you can install it immediately, or schedule it for a later time.
Source: Read Full Article