Microsoft’s monthly security update rollout in February patches 77 flaws affecting products in its portfolio, including three actively exploited zero-day vulnerabilities.
Nine of the 77 vulnerabilities are flagged “Critical” in severity, while the remaining 68 are marked as “Important.” Almost half (37 out of 77) were classified as Remote Code Execution (RCE) vulnerabilities.
Researchers spotted three zero-day vulnerabilities being exploited in the wild, namely:
For CVE 2023 21823, Microsoft decided to push the security update through the Microsoft Store rather than Windows Update. While this is not uncommon, users who disable automatic Microsoft Store updates may be exposed to this vulnerability.
Users who opted out of automatic Microsoft Store updates should either re-enable the feature or follow Microsoft’s guide on manually retrieving updates for apps and games in the Microsoft Store.
To dodge attacks that weaponize these flaws, users should apply the latest security updates immediately. Most systems should install the updates automatically; however, users who disabled automatic updates can also perform manual checks and apply any recommended patches.
Specialized software such as Bitdefender Ultimate Security can help you steer clear of zero-day exploits and other cyberthreats with its comprehensive feature library, including: