Microsoft released updates on Tuesday to fix 78 vulnerabilities in its software. Five of these flaws are zero-days that have been actively exploited. 11 of the bugs are rated as Critical, 66 as Important, and one as Low in severity.
https://x.com/thezdi/status/1922358322692301051
https://x.com/WindowsUpdate/status/1922342232079696054
The five zero-days under active exploitation include a scripting engine memory corruption vulnerability, two flaws in the Windows Common Log File System driver, a bug in the Microsoft Desktop Window Manager Core Library, and a flaw in the Windows Ancillary Function Driver for WinSock. These vulnerabilities allow attackers to elevate privileges on compromised systems. Benoit Sevens of Google Threat Intelligence Group, the CrowdStrike Advanced Research Team, and an anonymous researcher reported some of these zero-days.
Microsoft’s own threat intelligence team discovered the others. The highest severity flaw, with a CVSS score of 10, is a privilege escalation bug in Azure DevOps Server.
Microsoft fixes active zero-day flaws
https://x.com/qualys/status/1922376095107567651
Microsoft says this has already been fixed in the cloud. Another notable vulnerability affects Microsoft Defender for Endpoint on Linux. Researchers found an issue in a Python script that could allow an attacker to elevate privileges locally.
Microsoft also patched a spoofing flaw in Microsoft Defender for Identity that could let an attacker on the LAN obtain NTLM hashes of the Directory Services account. In total, the updates address 28 remote code execution flaws, 21 privilege escalation bugs, and 16 information disclosure vulnerabilities, among others. Other vendors like VMware and Aruba Networking also released security updates recently.
Users are advised to apply these critical patches as soon as possible to protect against potential exploits. Refer to Microsoft’s official security update guide for further details and guidance.
April Isaacs is a news contributor for DevX.com She is long-term, self-proclaimed nerd. She loves all things tech and computers and still has her first Dreamcast system. It is lovingly named Joni, after Joni Mitchell.
