TLDR:
- Microsoft released patches to address 90 security flaws, including 10 zero-days.
- Six of the zero-days are actively being exploited in the wild.
Microsoft issued fixes for a total of 90 security vulnerabilities in its Patch Tuesday updates, including 10 zero-day flaws, with six of them actively being exploited. Among the 90 bugs addressed, nine are rated Critical, 80 are rated Important, and one is rated Moderate. The updates also cover 36 vulnerabilities in the Edge browser.
Some of the notable zero-days being actively exploited include vulnerabilities in Microsoft Project, Windows Scripting Engine, Windows Ancillary Function Driver for WinSock, Windows Kernel, Windows Power Dependency Coordinator, and Windows Mark of the Web Security Feature Bypass.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaws to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply the fixes by a specified date.
In addition to Microsoft, other vendors have also released security updates to address vulnerabilities in their products. These include well-known companies like Adobe, Apple, Google, IBM, Intel, and many others.
It’s important for organizations to promptly apply these patches to mitigate the risk of exploitation and protect their systems from potential cyber threats.