Microsoft Releases Patch to Address 90 Vulnerabilities in Windows
Microsoft has released an update to fix at least 90 security vulnerabilities in Windows and related software, including six 0-day vulnerabilities that are being actively exploited by attackers.
This month's Windows update from Microsoft includes patches for vulnerabilities in Office, .NET, Visual Studio, Azure, Copilot, Microsoft Dynamics, Teams, Secure Boot, and, of course, Windows itself. Of the six 0-day vulnerabilities addressed by Microsoft this month, half are local privilege escalation vulnerabilities, meaning they are primarily useful to attackers when combined with other vulnerabilities or access methods.
CVE-2024-38106, CVE-2024-38107, and CVE-2024-38193 all allow attackers to gain system-level privileges on vulnerable machines, although these vulnerabilities are located in different parts of the Windows operating system. Microsoft provides very little information about the latter two vulnerabilities, aside from noting that they are being actively exploited. CVE-2024-38106, on the other hand, exists in the Windows Kernel and is being actively exploited with a high level of complexity.
Another 0-day vulnerability this month is CVE-2024-38178, which allows remote code execution when the integrated Windows Edge browser is operating in "Internet Explorer Mode." By default, IE Mode is not enabled in Edge, but it can be turned on to work with older websites or applications that are not supported by modern Chromium-based browsers.
CVE-2024-38213 is a 0-day vulnerability that allows malware to bypass "Mark of the Web," a security feature in Windows that flags files downloaded from the internet as untrusted (this feature is responsible for the "Windows protected your PC" popup that appears when opening files downloaded from the web).
The final 0-day vulnerability discovered is CVE-2024-38189, a remote code execution vulnerability in Microsoft Project. However, Microsoft and several security companies note that this vulnerability only affects users who have disabled security risk notifications when running VBA Macros in Microsoft Project.
Windows users who are still supported should update their systems with the August security updates from Microsoft by going to Settings and selecting Windows Update to download and install the patches.
Submit feedback
Your email address will not be made public. Fields marked are required *
Search
Trend
-
What is Black Myth: Wukong? Detailed Guide on System Requirements and Gameplay
08-21-2024 . 813 view
-
Call of Duty: Black Ops 6 - Intense, Mysterious, and Surprising Warfare
09-02-2024 . 700 view
-
The "End of Life" for Windows 10: A Massive E-Waste Threat and Sustainable Solutions
08-18-2024 . 679 view
-
Casio WS-B1000: The Perfect Blend of Traditional Watch and Smartwatch
08-11-2024 . 597 view
-
Lost All Money by Trusting in "Elon Musk Deepfake": A Cautionary Tale of Deepfake
08-21-2024 . 564 view
0 feedback