At launch, we issued updates that address at least 90 critical security flaws within our software and its associated applications, many of which were already being aggressively exploited by malicious actors.
Picture: Shutterstock.
Microsoft’s latest patch release brings together a collection of security fixes addressing vulnerabilities in Windows, as well as Office, Edge, Internet Explorer, ChakraCore, and Visual Studio Code, ensuring the stability and security of users’ systems this month. Among the six zero-day exploits patched by Microsoft this month, three are native privilege escalation vulnerabilities, rendering them relatively ineffectual on their own but posing a significant threat when combined with other weaknesses or initial vectors.
The exploitation of unpatched flaws in Windows’ , , and components enables attackers to gain SYSTEM-level privileges on vulnerable machines, compromising the security posture of affected systems.
Microsoft’s advisories provide limited information on the last two privilege escalation vulnerabilities, aside from acknowledging that they are being actively exploited in the wild. According to Microsoft, vulnerability CVE-2024-38106 resides in the Windows Kernel, with reports suggesting it’s currently under active exploitation. Notwithstanding its high “attack complexity,” the company warns that this could make it challenging for malicious actors to successfully leverage the flaw consistently.
“Microsoft considers the exploit complexity ‘excessive’ due to the attacker’s requirement to successfully navigate a timing-based vulnerability, according to Pattern Micro’s renowned Zero Day Initiative.” Despite these challenges, certain racing events prove easier to manage than others. In cases such as these, the CVSS score may prove misleading. The race circumstances that complicate the CVSS rating lead to an excessively high vulnerability score, as evidenced by the rapid exploitability of this bug in the wild.
This month’s other zero-day vulnerability affects a distant code execution flaw when the built-in browser operates in “Internet Explorer Mode.” While not enabled by default in Edge, IE mode can be toggled on to accommodate older websites or features unsupported by modern Chromium-based browsers, highlighting the importance of cautious browsing practices.
“As companies often deviate from standard settings, the fact that this exploit is currently in use suggests that attackers have identified specific organizations with this misconfiguration,” said [Name], senior director of threat analysis at Immersive Labs.
A zero-day flaw exists, allowing malware to circumvent Windows’ “Mark of the Net” safety feature, which marks data downloaded from the internet as untrusted – a capability responsible for the “Windows protected your PC” pop-up that appears when opening downloaded files.
This vulnerability, while not exploitable in isolation, typically forms part of a larger exploit chain; for example, it could be used to modify malicious documents or executable files, enabling them to bypass security controls before being distributed via email or compromising websites.
The ultimate zero-day vulnerability this month has been identified as a distant code execution flaw in Azure Cosmos DB. Despite claims from Microsoft and several security companies that this vulnerability only affects clients who have already disabled notifications regarding the risks of running VBA Macros in Microsoft Project, it is not wise to assume that malware has a long history of hiding within malicious Office macros.
Upon launch, the company issued 11 safety bulletins to address at least 71 safety vulnerabilities across its product lineup, including software from various manufacturers such as, , , , , , and. Adobe denies being aware of any concerted effort to exploit its recent vulnerabilities.
Staying abreast of security updates from Microsoft is a crucial best practice for Windows users, as numerous patches can quickly accumulate without vigilance. You don’t have to update your software on Patch Tuesday every month. Waiting a day or three before installing an update is a reasonable approach, given that most updates are rolled back by Microsoft within a couple of days if issues arise. Prior to applying new updates, it is advisable to backup your knowledge and visualize your Windows drive.
For an extra-detailed breakdown of the person’s flaws addressed by Microsoft at the moment, try accessing the company’s official website or consulting their latest publications on employee development and training programs. For administrators responsible for managing large Windows environments, keeping a close eye on the Windows Health Dashboard is essential, as it frequently flags potential issues caused by Microsoft updates that may affect many users.
