Microsoft has released security updates for 130 vulnerabilities, including four that are known to be actively exploited.
The four actively exploited vulnerabilities are:
- CVE-2023-32049: A Windows SmartScreen Security Feature Bypass vulnerability.
- CVE-2023-35311: A Microsoft Outlook Security Feature Bypass vulnerability.
- CVE-2023-32046: A Windows MSHTML Platform Elevation of Privilege (EoP) vulnerability.
- CVE-2023-36874: A Windows Error Reporting Service Elevation of Privilege vulnerability.
Other vendors have also released security updates, including Adobe, Apple, Cisco, Fortinet, Google, MOVEit, Mozilla, SAP, and VMware. Install these updates as soon as possible to protect your systems from attack.
Other details:
- CVE-2023-32049 can be exploited by tricking a user into clicking a malicious link. Once the user clicks it, the link bypasses the Windows SmartScreen security warning and allows the attacker to execute arbitrary code on the victim's computer.
- CVE-2023-35311 can be exploited by tricking a user into opening a malicious Microsoft Outlook email. Once the user opens it, the email bypasses the Microsoft Outlook security warning and allows the attacker to execute arbitrary code on the victim's computer.
- CVE-2023-32046 can be exploited by tricking a user into opening a malicious file. Once opened, the file exploits the vulnerability and allows the attacker to gain elevated privileges on the victim's computer.
- CVE-2023-36874 can be exploited by attackers who have local access to a victim's computer. Successful exploitation allows the attacker to gain administrator privileges on the victim's computer.