Microsoft patches more than 70 vulnerabilities in Patch Tuesday updates

According to Security Week , the Patch Tuesday patch released by Microsoft this time aims to fix a total of 72 vulnerabilities in various products of the Windows ecosystem, including products that allow attackers to execute remote code, bypass security features and escalate privileges on the system.

Of the 72 vulnerabilities fixed by Microsoft, the company said three were considered critical as they could allow attackers to use them to conduct phishing and spoofing attacks to bypass Windows security tools.

One of the vulnerabilities in question, CVE-2021-43890, dates back to 2021. According to Microsoft, the vulnerability is being exploited by hackers using related malware called Emotet, Trickbot, and Bazaloader. "In recent months, Microsoft Threat Intelligence has observed an increase in attacker activity using phishing and social engineering techniques to target Windows users," the company said in a statement. The company also noted that it has disabled the ms-appinstaller protocol in Windows by default to improve security.

Microsoft also called on Windows administrators to pay attention to the vulnerabilities CVE-2024-21412 and CVE-2024-21351, which allow users to bypass Windows security features and are used by attackers to carry out real attacks.

The current Patch Tuesday also includes a fix for the CVE-2024-21413 vulnerability, which allows remote code execution in Microsoft Office. Notably, this vulnerability received a score of 9.8/10, indicating a high severity level.