Microsoft has rolled out its latest monthly security update, tackling a total of 61 security vulnerabilities across its software suite. This update includes patches for two critical issues affecting Windows Hyper-V, capable of causing denial-of-service (DoS) conditions and remote code execution.
Of the 61 vulnerabilities addressed, two are classified as Critical, 58 as Important, and one as Low severity. While none of the flaws are currently known to be under active attack or publicly disclosed, six have been identified as having a higher likelihood of exploitation.
The recent patches come in addition to the 17 security flaws addressed in Microsoft's Chromium-based Edge browser since the February 2024 Patch Tuesday updates.
Among the critical vulnerabilities fixed are CVE-2024-21407 and CVE-2024-21408, impacting Hyper-V and posing risks of remote code execution and DoS attacks, respectively.
Furthermore, Microsoft's update also resolves privilege escalation flaws in various services, including Azure Kubernetes Service Confidential Container, Windows Composite Image File System, and Authenticator.
One noteworthy vulnerability, CVE-2024-21390, involves Microsoft Authenticator and could potentially grant attackers access to multi-factor authentication codes, posing a significant risk to user accounts.
Additionally, the update tackles a privilege escalation issue in the Print Spooler component (CVE-2024-21433) and a remote code execution flaw in Exchange Server (CVE-2024-26198), among others.
Despite the sizable number of vulnerabilities addressed in this update, the first quarter of Patch Tuesday in 2024 appears less eventful compared to previous years, with Microsoft patching a lower number of CVEs than usual.
Alongside Microsoft, several other vendors have also released security updates in recent weeks to address vulnerabilities in their products, including Adobe, Apple, Cisco, Google Chrome, Linux distributions, and many others.
This coordinated effort underscores the ongoing commitment of software vendors to bolster cybersecurity defenses and protect users from emerging threats. Regularly updating systems and applications remains a crucial practice to mitigate security risks and safeguard against potential exploits.
0 comments:
Post a Comment