Microsoft has released the October 2023 security updates for Windows 11, which contain fixes for three actively exploited zero-day vulnerabilities.
The vulnerabilities are:
CVE-2023-38166 - A remote code execution flaw in the L2TP VPN protocol.
CVE-2023-41765 - A remote code execution flaw in the MSMQ messaging service.
CVE-2023-35349 - An elevation of privilege flaw in Outlook relating to email attachments.
All three are rated critical severity due to the risks they pose. Attackers could leverage them to execute arbitrary code and malware on vulnerable systems.
Microsoft strongly encourages Windows 11 users to apply the October patches promptly to protect against potential attacks involving these vulnerabilities.
The updates can be installed manually through the Microsoft Update Catalog or via Windows Update. Users should check for the latest updates by going to Settings > Update & Security > Windows Update.
Applying timely security updates is a crucial best practice for mitigating cyber risks. These zero-day fixes highlight Microsoft's ongoing efforts to identify and address active exploits targeting Windows users.