SC Media reports that Microsoft has released fixes for 159 software vulnerabilities impacting its products as part of this month's Patch Tuesday, which Zero Day Initiative's Dustin Childs says is the firm's largest dump of addressed CVEs since 2017.
While only 11 of the fixed flaws were designated as critical in severity — including the Azure Marketplace, Visual Studio, and Windows Remote Desktop Services bugs — all of the other vulnerabilities have been regarded as important, including the actively exploited Windows Hyper-V NT weaknesses, which could be leveraged to enable system-level authorization.
"Although not specified, I would think that if the attacker were executing code at SYSTEM on the hypervisor from a guest, the CVSS would indicate a scope change," said Childs.
On the Adobe front, the company issued patches for 14 vulnerabilities, five of which were critical remote code execution flaws. Immediate patching of all the addressed security issues has been urged.
