Microsoft's Patch Tuesday Update continued this month, fixing 79 security flaws, including four zero-day vulnerabilities that hackers are using to launch attacks.
As reported by BleepingComputer, seven of these vulnerabilities are critical and can be exploited to achieve remote code execution or privilege escalation. The remainder are rated critical, with the exception of one that is rated moderate.
In total, there are 30 privilege escalation vulnerabilities, 4 security feature bypass vulnerabilities, 23 remote code execution vulnerabilities, 11 information leak vulnerabilities, 8 denial of service vulnerabilities, and 3 spoofing vulnerabilities. Fortunately, all of these have been patched by Microsoft.
Here is all you need to know about the four zero-day vulnerabilities hackers are using in attacks and how to protect your own Windows PC from cyber attacks.
Of these four actively exploited zero-day vulnerabilities, one has already been disclosed, but the remaining vulnerabilities have not yet been identified.
The first zero-day (tracked as CVE-2024-38014) is a Windows Installer privilege escalation vulnerability that hackers can exploit to gain system privileges on a vulnerable PC. We know that this vulnerability was discovered by the SEC Consult Vulnerability Lab, but Microsoft has yet to share details on how it is used in real attacks. However, once the vulnerability was disclosed, SEC Consult released an open-source tool to scan Windows PCs for installer files that could be exploited to elevate local privileges.
The next zero-day (tracked as CVE-2024-38217) is a Windows Mark of the Web security feature bypass vulnerability. It was publicly disclosed last month, and security researchers believe hackers have been using it in attacks since 2018. The flaw allows attackers to bypass Mark of the Web (MOTW) defenses, and by using a specially crafted LNK file, hackers can bypass Microsoft's Smart App Control security feature.
The third zero-day (tracked as CVE-2024-38226) is a Microsoft Publisher security feature bypass vulnerability. When exploited, this vulnerability allows an attacker to bypass security protections for macros embedded in documents downloaded from the web. This allows them to bypass the Microsoft Office macro policy used to block untrusted or malicious files.
The last zero-day (tracked as CVE-2024-43491) is a remote code execution vulnerability in Microsoft Windows Update. This flaw is of particular concern, especially to companies running Windows 10 Enterprise and Windows 10 IoT Enterprise, because it can be used to roll back some of Microsoft's previous fixes for vulnerabilities in some versions of Windows 10. That makes this month's Patch Tuesday update a must for those companies.
As with the best cell phones, the most important and easiest way to keep your Windows laptop or desktop safe from hackers is to install the latest updates as soon as they become available. It is also fairly easy to remember to do this, as Microsoft will give you the option to install new updates every time you restart or shut down your PC.
From here, you should also consider using the best antivirus software to protect you from malware and other viruses. Windows Defender is a great free option that ships with your PC, but paid antivirus software also comes bundled with useful options like VPNs and password managers.
At the same time, you want to make sure you are not downloading files or attachments from suspicious websites or emails. The same goes for clicking on links in emails received from unknown senders. One of the easiest ways to spot scam emails is that hackers often try to instill a sense of urgency by appealing to your emotions in order to get you to click or reply to their phishing emails.
Patch Tuesday happens every month, and if you have one of the best Windows laptops, you should plan to update your PC around the second week of every month. This may seem annoying, but dealing with these small, security-focused Windows updates is certainly better than becoming a victim of identity theft or having your computer hijacked by hackers.