Microsoft Patches 139 Security Holes, Including Actively Exploited Bugs

Microsoft's latest updates address a significant number of security issues, including two critical bugs actively exploited in the wild. With the end of support for SQL Server 2014, users are urged to update their systems.

Microsoft has addressed a significant number of security issues with its latest updates. The patches include fixes for critical vulnerabilities in Microsoft Office 365 and Windows, with some actively exploited in the wild.

Among the 139 security holes plugged, two stand out for their severity and active exploitation. CVE-2024-38080, a bug in Windows Hyper-V, allows attackers to escalate their privileges on a Windows machine. Meanwhile, CVE-2024-38112, a weakness in MSHTML, affects Windows Server 2008 R2 and later versions.

The security firm Trellix reported a zero-day vulnerability, CVE-2024-38021, in Microsoft Office 365. This remote code execution flaw can lead to NTLM hash disclosure. While Microsoft rated its severity as 'Important', Morphisec disputes this, arguing it should be rated 'Critical'.

Three vulnerabilities in Windows Remote Desktop Service (CVE-2024-38077, CVE-2024-38074, and CVE-2024-38076) have been identified. Additionally, CVE-2024-38053, a local network vulnerability in Windows Layer Two Bridge Network, should be a patching priority for road warriors.

Today also marks the End of Support date for SQL Server 2014, with over 110,000 instances still publicly available. Users are urged to update their systems to avoid potential security risks. Microsoft's prompt action in addressing these vulnerabilities demonstrates its commitment to user security.
