Patch Tuesday: Microsoft Catches Four Zero-Day Vulnerabilities

Date:

Share:


Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe.

On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the beginning of the week or the following day.

Patch Tuesday is a useful reminder for admins to ensure their Microsoft security updates are up to date.

Attackers exploited four zero-day vulnerabilities

The four vulnerabilities attackers have already taken advantage of are:

  • CVE-2024-43491: a flaw in Servicing Stack in Windows 10, version 1507 that opens up Optional Components to vulnerabilities previously thought to be mitigated. Later versions of Windows 10 are not affected. The September 2024 Servicing stack update and the September 2024 Windows security update address this flaw.
  • CVE-2024-38226: a bypass vulnerability in Microsoft Publisher.
  • CVE-2024-38217: a technique by which an attacker could evade Mark of the Web security alerts.
  • CVE-2024-38014: a vulnerability that creates improper privilege management and could grant attackers unwanted privileges.

SEE: IBM’s Chris Hockings is optimistic about the safety of the internet in the next five years due to passkeys and defenses against deepfakes.

Two vulnerabilities fell under NIST’s ‘critical’ category

The National Vulnerability Database’s Common Vulnerability Scoring System assigns a “critical” rating to vulnerabilities that meet a certain threshold of severity in their prioritization system. These vulnerabilities, which require immediate attention, include CVE-2024-43491, as listed above, and CVE-2024-38220, which involves an elevation of privilege vulnerability in the Azure Stack Hub.

In total, fixes for 79 flaws were deployed in September’s Update Tuesday.

Adobe released its own monthly security updates

Adobe released its own handful of fixes for Photoshop, Cold Fusion, Acrobat Reader, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder.



Source link

━ more like this

PC hardware feels like it’s in early access | Tech Reader

PC hardware is feeling increasingly unstable at launch, and that really came into view with AMD’s release of Ryzen 9000 CPUs. AMD released...

Google Docs adds tabs to help you stay organized

Google has released a new feature for Docs that will make it easier to break down — and, later, to find and access...

Roli’s New Instrument Is Both an AI Piano Teacher and a Digital Theremin

“I was hitting a wall with Lumi,” Lamb says. “It’s great to learn, but we found that people just weren't progressing enough.”Lamb envisions...

NYT Crossword: answers for Tuesday, October 8 | Tech Reader

The New York Times crossword puzzle can be tough! If you're stuck, we're here to help with a list of today's clues and...

Amazon’s Kindle Scribe is $85 off for Prime Day

The Kindle that lets you take handwritten notes is on sale for Amazon Prime Day. The 16GB model of the Kindle Scribe is...
spot_img