Microsoft Patches 89 Security Holes, Including 2 Zero-Days
Microsoft 365 has addressed a range of critical security flaws in its software, including Active Directory, Exchange Server, Windows, and .NET. The updates come in response to publicly disclosed vulnerabilities and active exploitation by attackers.
Among the patched issues are two zero-day vulnerabilities: CVE-2024-49039, a privilege escalation bug in Windows Task Scheduler reported by Google's Threat Analysis Group, and CVE-2024-43451, an NTLM hash revelation flaw in Windows that enables 'pass-the-hash' attacks. The Computer Incident Response Center Luxembourg (CIRCL) disclosed CVE-2024-43451 before Microsoft 365 could fix it.
Microsoft 365 also addressed a critical remote code execution vulnerability in Windows Kerberos (CVE-2024-43639) and a high-severity remote code execution flaw in .NET and Visual Studio (CVE-2024-43498). Additionally, 29 updates tackled memory-related issues in SQL Server, each with a threat score of 8.8. The company patched a total of 89 security holes in Windows and other software.
The recent updates from Microsoft 365 highlight the importance of keeping software up-to-date to protect against active threats. Users and administrators are advised to apply these updates promptly to mitigate the risks associated with these vulnerabilities.
