At this very instant, Microsoft has rolled out a slew of safety patches to address no fewer than 117 security vulnerabilities across various computer systems and software programs, including two flaws that are currently being exploited in active attacks. The company has successfully implemented 52 security patches across diverse product lines, concurrently resolving an issue affecting numerous cybersecurity tools in its “replace” feature update.
A vulnerability within Microsoft’s proprietary engine for its internet browser stems from a longstanding security weakness. As recent discoveries go, it’s strikingly familiar because this marks the fourth MSHTML vulnerability to be exploited in the wild thus far in 2024.
A cybersecurity engineer at Microsoft has identified a vulnerability that enables attackers to deceive customers into accessing malicious online content by masquerading as legitimate websites, taking advantage of how Windows handles certain internet protocols.
“When consumers engage with seemingly innocuous content, attackers can capitalize on their trust, exploiting vulnerabilities through phishing attacks that ultimately grant them unauthorized access to sensitive data or compromise online services.”
Despite Microsoft’s retirement of Internet Explorer from various platforms, the underlying MSHTML technology remains robust and resilient.
“The use of outdated software poses a risk to workers who rely on them daily, especially when handling sensitive information or conducting online financial transactions.”
A previously unknown vulnerability has been discovered in Windows, specifically in the Windows Management Instrumentation (WMI) component, which allows system administrators to configure and monitor systems.
A senior engineer at a prominent organization observed that the patch for CVE-2024-43572 was released several months after researchers unveiled an attack methodology, dubbed , which exploited an outdated cross-site scripting (XSS) vulnerability combined with a custom Microsoft Saved Console (MSC) file to gain code execution privileges.
“Notably, Microsoft addressed a critical Microsoft Management Console (MMC) vulnerability in September, with no evidence of exploitation or public disclosure prior to the patch being released.” Since the discovery of CVE-2024-43572, Microsoft has implemented a security measure to prevent unauthorized opening of MSC files on a system.
Microsoft has also patched several vulnerabilities in its software, including, , , and. The vulnerabilities are categorized by their severity and exploitability as follows:
In late February, Apple released macOS 15, code-named Sequoia, which inadvertently crippled the functionality of security tools from multiple vendors, including CrowdStrike, SentinelOne, and Microsoft. On Oct. This solution ensures seamless integration across all platforms, thereby resolving any potential issues and guaranteeing a smooth user experience.
Adobe has issued security patches to address a total of 52 vulnerabilities across various software products, including Acrobat, ColdFusion, Flash Player, FrameMaker, Illustrator, InCopy, InDesign, and Photoshop.
Before applying any updates, ensure that you have backed up essential information to avoid potential losses. Typically, with zero-day intervals between patch releases, it’s often advisable to wait a few days before applying updates to account for potential stability or compatibility improvements that may arise from subsequent patches. Frequently inspects the area around any damaged patches.
When encountering issues despite patch updates, kindly leave a note in the comments section; it’s likely that someone else has encountered the same problem and may have already found a solution.
