TLDR:
- Microsoft disclosed 4 zero-day vulnerabilities in its September update.
- Attackers are actively exploiting these vulnerabilities, including security bypass, RCE, and privilege escalation bugs.

Microsoft’s September update contains 79 vulnerabilities, with 7 critical RCE and elevation of privilege vulnerabilities. Attackers are already exploiting four of these vulnerabilities. Two of the zero-days allow bypassing critical security protections in Windows. Another vulnerability allows elevation of privilege, while the last bug reintroduces vulnerabilities that were previously patched. These vulnerabilities are a high priority for organizations to remediate.

Other high-priority bugs in the update include a Windows spoofing vulnerability, a Microsoft SharePoint Server RCE bug, and two elevation-of-privilege vulnerabilities in the Kernel Streaming Service Driver. Organizations are advised to prioritize patching these vulnerabilities due to the potential impact on system security. With a total of 745 vulnerabilities disclosed this year, organizations need to stay vigilant and proactively patch their systems to mitigate the risk of exploitation.