In a recent development, Microsoft has released a set of security updates aimed at fixing a total of 117 security vulnerabilities in Windows computers and other software. This release also includes patches for two vulnerabilities that are currently under active attack. Additionally, Adobe has addressed 52 security flaws in various products, while Apple has tackled an issue in its latest macOS 15 update, dubbed “Sequoia,” that caused problems for many cybersecurity tools.
One of the critical vulnerabilities identified is a zero-day flaw known as CVE-2024-43573, which is linked to a security weakness in MSHTML, the proprietary engine powering Microsoft’s Internet Explorer web browser. According to Nikolas Cemerikic, a cybersecurity engineer at Immersive Labs, this vulnerability could allow attackers to deceive users into interacting with malicious web content, potentially leading to unauthorized access to sensitive information or manipulation of web-based services. Despite the retirement of Internet Explorer on many platforms, the underlying MSHTML technology remains active and susceptible to exploitation, posing risks to employees using older systems for sensitive tasks online.
Another significant zero-day flaw, CVE-2024-43572, addresses a code execution vulnerability in the Microsoft Management Console, a Windows component used by system administrators for system configuration and monitoring. Satnam Narang, a senior staff research engineer at Tenable, highlighted the importance of this patch following the disclosure of an attack technique called GrimResource, which exploited a cross-site scripting vulnerability along with a specially crafted Microsoft Saved Console (MSC) file to gain code execution privileges. Microsoft has since implemented preventive measures to restrict untrusted MSC files from being opened on a system.
In addition to these critical patches, Microsoft has also addressed vulnerabilities in Office, Azure, .NET, OpenSSH for Windows, Power BI, Windows Hyper-V, Windows Mobile Broadband, and Visual Studio. Furthermore, Adobe has released updates to fix 52 security flaws across various software products, including Adobe Substance 3D Painter, Commerce, Dimension, Animate, Lightroom, InCopy, InDesign, Substance 3D Stager, and Adobe FrameMaker.
It is advisable to back up important data before applying any updates, as there may be unforeseen issues with stability or compatibility. Waiting a few days before installing pending patches can be a prudent approach to avoid potential complications. Platforms like AskWoody.com often provide insights into problematic patches, and it is essential to report any post-update glitches in the comments section to help others facing similar issues.
Overall, these comprehensive security updates from Microsoft, Adobe, and Apple underscore the ongoing efforts to address vulnerabilities and enhance the overall cybersecurity posture for users. By remaining vigilant and proactive in applying patches, individuals and organizations can mitigate risks associated with potential security breaches and attacks.