Microsoft has released a security patch as part of its Patch Tuesday program to fix several vulnerabilities in its Windows ecosystem.
According to Security Week, the Patch Tuesday patch released by Microsoft this time is intended to fix a total of 72 vulnerabilities in various products of the Windows ecosystem, including products that allow attackers to execute remote code. , bypassing security features and escalating privileges on the system.
Of the 72 vulnerabilities fixed by Microsoft, the company said three vulnerabilities are considered dangerous as they allow attackers to use it to carry out phishing and spoofing attacks to bypass the system. Windows security tools.
One of the vulnerabilities in question, CVE-2021-43890, dates back to 2021. According to Microsoft, this vulnerability is being exploited by hackers using related malware called Emotet, Trickbot, and Bazaloader. The company said in its statement: “In recent months, Microsoft Threat Intelligence has noted an increase in activity by attackers using social engineering and phishing methods to attack Windows users”. The company also notes it has forced the ms-appinstaller protocol in Windows to be disabled by default to improve security.
Microsoft also calls Windows administrators to pay attention to vulnerabilities CVE-2024-21412 and CVE-2024-21351, which allow users to bypass Windows security features and are used by attackers to perform real attacks.
The current Patch Tuesday also includes a fix for the vulnerability CVE-2024-21413, which allows remote code execution in Microsoft Office. Notably, this vulnerability received a score of 9.8/10, indicating a high level of danger.