If you're a Windows user, it's time to update your system with the latest security patch. Microsoft's recent update addresses a record 570 bugs, including three zero-days that have been actively exploited or publicly disclosed.
June's update previously held the record with patches for just over 200 flaws. This month's fixes are divided into several categories: 254 elevation-of-privilege vulnerabilities, 17 security feature bypass vulnerabilities, 145 remote-code-execution vulnerabilities, 102 information disclosure vulnerabilities, 16 spoofing vulnerabilities, and 35 denial-of-service vulnerabilities.
Among these, 59 bugs are rated "critical" and include remote code execution, elevation of privilege, security bypass, and spoofing flaws. Note that these figures don't include other vulnerabilities patched by Microsoft earlier this month.
Microsoft has patched the three Windows zero-days in July. Zero-days are the most dangerous type of security vulnerability. They are flaws that have been actively exploited in the wild or publicly disclosed before the developer releases an official fix.
The first actively exploited zero-day is an elevation of privilege flaw in Active Directory Federation Services that allows an attacker to elevate privileges locally on your machine. The second actively exploited vulnerability is also an elevation of privilege flaw in Microsoft SharePoint Server. A missing authentication for "critical function" can allow an unauthorized attacker to elevate privileges over a network.
The third zero-day addressed this month was publicly disclosed, but no known exploits are currently reported. It's a security bypass flaw in Windows BitLocker that could allow an attacker with physical access to obtain encrypted data.
To install the July Patch Tuesday update, check your PC's update status under Start > Settings > Windows Update > Check for Windows updates and install the latest update available. This update is typically released around 10 a.m. PT on the second Tuesday of every month.