According to Security Week , Microsoft's Patch Tuesday update aims to fix a total of 72 vulnerabilities in various products within the Windows ecosystem, including those that allow attackers to execute remote code, bypass security features, and escalate privileges on the system.
The latest Patch Tuesday update fixes dozens of vulnerabilities in Windows.
Of the 72 vulnerabilities fixed by Microsoft, the company said three were deemed dangerous as they could allow attackers to carry out phishing and spoofing attacks to bypass Windows security tools.
One of the vulnerabilities in question, CVE-2021-43890, dates back to 2021. According to Microsoft, this vulnerability is being exploited by hackers using related malware called Emotet, Trickbot, and Bazaloader. The company stated in its press release: "In recent months, Microsoft Threat Intelligence has observed an increase in activity by attackers using phishing and social networking techniques to attack Windows users." The company also noted that it has been forced to disable the ms-appinstaller protocol in Windows by default to improve security.
Microsoft also urged Windows administrators to pay attention to vulnerabilities CVE-2024-21412 and CVE-2024-21351, which allow users to bypass Windows security features and are used by attackers to carry out real attacks.
The current Patch Tuesday update also includes a fix for the CVE-2024-21413 vulnerability, which allows remote code execution in Microsoft Office. Notably, this vulnerability received a score of 9.8/10, indicating a high level of severity.
Source link
Comment (0)