The latest Microsoft Patch Tuesday includes fixes for several zero-day vulnerabilities, and users should update immediately.
Zero-day vulnerabilities are among the most dangerous. By definition, a zero-day is a vulnerability that has been recently discovered, with no patches or mitigation efforts in place. As a result, hackers can exploit the vulnerability at will.
Microsoft’s latest set of patches includes fixes for several of those vulnerabilities, including six that are already being actively exploited in the wild. What’s more, according to Forbes, two of the vulnerabilities were known for at least two months before this patch became available.
“It took Microsoft more than two months to provide the patch, even though the company admitted that ProxyNotShell actively exploited the vulnerabilities in targeted attacks against at least 10 large organizations,” Mike Walters, vice president of vulnerability and threat research at Action1, told the outlet. “It is good news that an official patch is available now,” Walters added, saying that “installing it promptly is highly advisable.”
With fixes for 68 total vulnerabilities, 11 of them critical, users should immediately update.
More information can be found on the Microsoft Security Update Guide.