Yesterday was second Tuesday of the month, which means that, as usual, Microsoft took the opportunity to launch its new security patches for Windows with which to correct all the vulnerabilities detected in the last month. This time, the company brings a good number of fixes, and the most important thing is that two of the security problems are currently being used by hackers. If you don’t want to be its victim, update your computer NOW.

In total, this month Microsoft has fixed 59 vulnerabilities. The most important thing is that, of these 59, two of them are being actively exploited by hackers, endangering the security of users.

Of these 59 security flaws, Microsoft has only considered 5 as critical: 4 of them are of the RCE (remote code execution) type, the most important type of vulnerability today, and the fifth is found in the Azure Kubernetes service and allows escalation of privileges within the system.

Specifically, Windows vulnerabilities are divided as follows:

  • 3 security flaws that allow you to evade security measures on the PC.
  • 24 RCE (remote code execution) type vulnerability.
  • 9 failures to disclose confidential information.
  • 3 denial of service vulnerabilities.
  • 5 “spoofing” type failures.
  • 5 misses on Edge.

After installing these new security patches, these 59 bugs will be corrected in the system and we will prevent hackers from taking advantage of them to endanger our computer and our data. Additionally, these new security patches include fixes from the optional August 2023 patchan update focused on fixing non-security bugs.

The two serious zero-day vulnerabilities

Of the 59 security flaws, the ones that concern us the most are these two zero-day flaws. Zero-day bugs are known as those that have been discovered and used before by hackers and corrected by the company, since they endanger users.

The first of them is CVE-2023-36802. This flaw is found in the Microsoft Streaming proxy service, and allows privileges to escalate in the system until reaching the SYSTEM rank, the highest of all. The second of them, CVE-2023-36761is located in Microsoft Word, and allows you to recover confidential system information by stealing NTLM hashes.

It is necessary to take extreme precautions while we correct these security flaws if we do not want to run greater risks.

Update Windows to stay safe

These new security updates are now available for all Windows 10 (supported versions) and Windows 11 users. To install them, we just have to go to Windows Update and search for new updates on the system. If we don’t want to, nothing happens either, since Windows periodically searches for patches, and downloads and installs them only when they are available, so, one way or another, we will have the PC updated and protected.

Security patch September 2023 Windows 11

In addition, we also have the possibility of downloading the updates manually and installing them on computers that, for example, do not have an Internet connection. We can download these updates from Microsoft servers through the following links:

  • KB5030211 for Windows 10 22H2
  • KB5030217 for Windows 11 RTM
  • KB5030219 Windows 11 22H2