Patch Tuesday: Microsoft Fixes Multiple Zero-Days, Other Vulns

Microsoft has addressed nearly 80 security vulnerabilities, four of which were actively exploited zero-days, as part of this month's Patch Tuesday, reports SC Media.

Immediate remediation has been urged for the zero-days — which include a Microsoft Publisher issue, tracked as CVE-2024-38226, a Windows Mark of the Web security bypass bug, tracked as CVE-2024-38217, a Windows Installer privilege escalation vulnerability, tracked as CVE-2024-38014, and a Windows MSHTML spoofing flaw, tracked as CVE-2024-43461.

The most severe of the patched issues was a Windows Update system downgrade vulnerability, tracked as CVE-2024-43491, which was noted by the Trend Micro Zero Day Initiative to be actively exploited despite Microsoft's denial.

"It's also interesting to note that while this particular bug isn't being exploited in the wild, it allowed some of those Optional Components to be exploited. The only good news here is that only a portion of Windows 10 systems are affected," said ZDI's Dustin Childs.

Meanwhile, Adobe has also issued updates to fix 28 vulnerabilities across its products, 10 of which were critical, although none have been actively exploited.