Published: May 13, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Every second Tuesday of the month, Microsoft releases its Patch Tuesday fixes, most of which install automatically as long as a user has chosen the auto-update function. Now that the day following Patch Tuesday is called “Exploit Wednesday” by hackers, applying patches shouldn’t wait even one day. Hackers know that users tend to put off manual updates until they find the time to apply them. This makes Exploit Wednesday a fruitful day for attackers who take advantage of users who wait to update.
Zero-Days and RCEs
A particular patch, for the flaw tracked as CVE-2023-21823, impacts Windows 10 and 11 users, and most 2008 to current versions of Windows Server. This patch, released in April, fixes both the zero-day and remote code execution (RCE) vulnerabilities. But it needs to be manually updated. The auto-update feature won’t work. So, if you haven’t “gotten around to it” yet, make some time to get it applied. For May, Patch Tuesday addressed 38 security flaws, including one zero-day issue that is believed to be actively exploited in the wild.
A zero-day vulnerability means a flaw was previously unknown to the software creator, in this case Microsoft. Unknown flaws have no patch available, leaving Microsoft and its users in the dark with “zero days” to patch the vulnerability. Hackers who know the zero-day flaw exists can exploit it until a patch is released and downloaded to a device.
Remote code execution (RCE) is another problem you’ll want to avoid, so if you see a patch that fixes an RCE, don’t delay. RCEs allow a hacker to run malicious code remotely on a device without having access privileges. They are typically critical in nature and exploit zero-day vulnerabilities. A successful RCE attacker can access a device or network and infect it with their choice of malware. At least one of these is addressed in the May release.
Reduce Flaw Exposure
Keeping on top of Microsoft’s Patch Tuesdays is the first step in reducing your exposure to flaws. On the second Tuesday of the month, keep an eye out for Windows updates. Consider choosing auto-update functions for Windows Update and the Microsoft Store. But do so knowing that some flaws may need manual updating from the Microsoft Store. Microsoft’s Security Update Guide also has a full list of updates.
In general, paying attention to all software Patch Tuesdays can mean the difference between keeping your device safely updated or letting a hacker do damage. So, remember to patch-on with Patch Tuesdays!