Every second Tuesday of each month, Microsoft typically issues a collection of patches and bug fixes for Windows. This week’s patch Tuesday delivers four zero-day exploits, two with high severity ratings, alongside several supporting updates from Adobe.
On Microsoft’s infamous “Patch Tuesday,” several prominent software companies, including Adobe, typically release critical security updates. Updates are rolled out across the company network at the start of the week or the following day, commencing at mid-morning Pacific Standard Time.
On the second Tuesday of every month, administrators rely on Patch Tuesday as a timely reminder to install crucial Microsoft security patches and stay ahead of emerging threats.
Attackers exploited 4 zero-day vulnerabilities
Four critical vulnerabilities that cybercriminals have exploited include:
- A vulnerability in the Servicing Stack of Windows 10, version 1507 has been identified, allowing previously thought-to-be-mitigated elements to be exploited. Subsequent updates to Windows 10 will not have any impact. Microsoft has addressed this vulnerability through the September 2024 Servicing Stack Update and Windows Security Update.
- A critical bypass vulnerability has been identified in Microsoft Writer, potentially allowing unauthorized access and manipulation of sensitive information.
- A potential avenue through which an attacker may circumvent Mark of the Internet’s security notifications.
- A flaw that enables unauthorized access to elevated permissions, potentially permitting malicious actors to exploit system weaknesses.
A pair of security flaws has been downgraded from a critical to an important rating by the National Institute of Standards and Technology (NIST).
The National Vulnerability Database’s (NVD) Widespread Vulnerability Scoring System classifies vulnerabilities meeting a specific threshold of severity as “important” within its prioritization framework. The following vulnerabilities demand urgent attention: CVE-2024-43491 and CVE-2024-38220, specifically a privilege escalation vulnerability affecting Azure Stack Hub.
Nineteen seventy-nine flaws were fixed and deployed on the latest Replace Tuesday in September.
Adobe has introduced a new program of regular, monthly security patches for its products.
Adobe launched a suite of creative applications, including Photoshop, Chlyl Fusion, Acrobat Reader, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder.
