Close Menu
    Trending
    Technology

    Microsoft Patches 90 Vulnerabilities, 10 Critical Zero-Days Included in Latest Update

    Sayan DuttaBy 4 Mins Read
    Microsoft Patches 90 Vulnerabilities

    Microsoft recently rolled out an important update that fixes 90 security flaws. This update includes 10 critical vulnerabilities, known as zero-days. Some of these bugs are already being used by attackers in the wild. Addressing these vulnerabilities is crucial to keep systems secure and safe for users.

    What’s New in the Update?

    Microsoft’s latest update covers a wide range of issues across its software. It focuses on fixing serious bugs that can allow hackers to take over computers or access sensitive information. Among the 90 vulnerabilities, there are nine categorized as critical. The rest are rated as important and moderate.

    Critical Vulnerabilities

    The ten critical zero days in this update are significant. Zero-day vulnerabilities are weaknesses that hackers know about but that the software developers do not. This means there are no patches available initially. When these vulnerabilities are discovered, their discovery can lead to serious problems, as they are often exploited quickly.

    Here are some of the critical vulnerabilities included in this update:

    1. CVE-2024-38189: This is a remote code execution vulnerability in Microsoft Project. If exploited, it allows attackers to run code on a victim’s computer.
    2. CVE-2024-38178: This weakness is in the Windows Scripting Engine. It can cause memory corruption that can lead to the execution of malicious code.
    3. CVE-2024-38193: This issue is related to the Windows Ancillary Function Driver. It can allow an attacker to escalate privileges.
    4. CVE-2024-38106: A problem in the Windows Kernel. It also leads to potential privilege escalation.
    5. CVE-2024-38107: This vulnerability affects the Windows Power Dependency Coordinator. It allows attackers to gain higher privileges.
    6. CVE-2024-38213: This issue is about bypassing security features in Windows, allowing attacks that can trick users into opening harmful files.

    Each of these vulnerabilities poses a risk to Windows users, which makes applying these updates vital.

    Publicly Known Vulnerabilities

    Additionally, the update identifies four vulnerabilities as publicly known. These are bugs that people are aware of but that are not yet fixed. Companies like Microsoft work hard to address these vulnerabilities quickly.

    1. CVE-2024-38200: This is a spoofing vulnerability in Microsoft Office. It can trick users into providing information to attackers.
    2. CVE-2024-38199: This severe bug in Windows Line Printer Daemon Service allows remote code execution. This means attackers can gain control of a system.
    3. CVE-2024-21302: A vulnerability that could lead to privilege escalation. Successful attacks can grant unauthorized access.
    4. CVE-2024-38202: This flaw affects the Windows Update Stack, which can lead to system downgrades and expose old vulnerabilities.

    Importance of Timely Updates

    Timely updates are essential for user safety. When these vulnerabilities are patched, it helps to protect sensitive information and maintain system integrity. Hackers often try to exploit these vulnerabilities before they are addressed. Therefore, users must check for updates regularly.

    User Responsibilities

    Users should remain vigilant after applying updates. They should update their software to the latest versions. They also need to practice safe computing habits. This includes being cautious about email attachments and suspicious links. Many attacks occur through phishing campaigns, which trick users into opening harmful files.

    Federal Requirements

    In addition to keeping personal devices secure, federal agencies must comply with security updates due to the risk these vulnerabilities present. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) requires that federal agencies apply these fixes by specific deadlines. This means organizations need to take security seriously and act quickly when updates are released.

    Other Vendors Also Update

    Microsoft’s update is not an isolated incident. Other tech companies also regularly release updates to patch vulnerabilities. Companies like Adobe, IBM, and Cisco frequently address security flaws to keep their software safe. Users should monitor updates from all software vendors to ensure they have the most secure systems possible.

    Closing Thoughts

    Microsoft’s recent update addresses 90 vulnerabilities, including 10 critical zero-days. This update is crucial for the safety and security of users around the world. By proactively patching these issues, Microsoft helps to protect its users from potential attacks. It is recommended that all users apply the latest updates and maintain secure computing habits. Security is a shared responsibility, and staying up-to-date is one of the best ways to reduce risk. Users should always be aware of the latest developments and take action to protect their information and systems.

    Share.
    Avatar for Sayan Dutta

    I am glad you came over here. So, you want to know a little bit about me. I am a passionate digital marketer, blogger, and engineer. I have knowledge & experience in search engine optimization, digital analytics, google algorithms, and many other things.

    Related Posts