Microsoft has released its monthly security update, addressing a total of 61 security flaws across its software. Among these vulnerabilities, two critical issues have been identified in Windows Hyper-V that could potentially lead to denial-of-service (DoS) attacks and remote code execution. The company has rated 58 of the flaws as important and one as low in severity. While none of these vulnerabilities are currently being actively exploited, six of them have been assessed to have a higher likelihood of exploitation.

Illustration: www.extremetech.com

In addition to the 61 vulnerabilities, Microsoft has also patched 17 security flaws in its Chromium-based Edge browser since the February 2024 Patch Tuesday updates were released. These fixes aim to address various security issues and improve the overall security of the browser.

Illustration: www.wpxbox.com

The most critical vulnerabilities identified in this security update are CVE-2024-21407 and CVE-2024-21408, both of which affect Windows Hyper-V. These vulnerabilities could result in remote code execution and a denial-of-service condition, respectively. It is crucial for users to apply these patches to protect their systems from potential attacks.

The security update also addresses privilege escalation flaws in the Azure Kubernetes Service Confidential Container, Windows Composite Image File System, and Authenticator. These vulnerabilities have varying levels of severity but should still be addressed to mitigate any potential risks.

Illustration: technorapper.com

One of the vulnerabilities addressed in the update is a privilege escalation flaw in the Authenticator app. Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes and potentially modify or delete accounts in the app. While the likelihood of exploitation is considered low, it is essential to update the Authenticator app to ensure the security of accounts.

Among the other vulnerabilities addressed in the security update are a privilege escalation bug in the Print Spooler component, a remote code execution flaw in Exchange Server, and a remote code execution vulnerability in the Open Management Infrastructure (OMI). These vulnerabilities have varying levels of severity and should be patched to prevent potential attacks.

In addition to Microsoft's security update, several other vendors have also released patches to address vulnerabilities in their respective software. These vendors include Adobe, AMD, Apple, Aruba Networks, Cisco, Google Chrome, IBM, Intel, Linux distributions, Mozilla Firefox, SAP, and many others. It is crucial for users to regularly update their software to ensure they are protected against potential security threats.