Microsoft Patches 48 Security Vulnerabilities, Including Actively Exploited Zero-Days
Microsoft has addressed a total of 48 security vulnerabilities, including several actively exploited zero-day flaws, in its latest software updates. The patches cover Windows and other Microsoft 365 products, addressing critical issues such as remote code execution, privilege escalation, and unauthenticated access.
Among the patched vulnerabilities, two zero-days (CVE-2023-29336 and CVE-2023-24932) were found to be actively exploited in ongoing attacks. Microsoft also fixed five remote code execution bugs in Windows, the most severe being CVE-2023-24941, with a CVSS score of 9.8.
A critical bug in Windows LDAP (CVE-2023-28283) allows unauthenticated attackers to execute malicious code, highlighting the importance of these updates. Notably, the zero-day vulnerability CVE-2023-29325, discovered by security researcher Jonas L. from the NCC Group, can, when exploited, give attackers remote access to a victim's account and let them deploy additional malware. This bug affects Microsoft Outlook and Explorer, and the exploit is triggered simply by viewing a specially crafted email in the preview pane. Another zero-day, CVE-2023-29336, is a local privilege escalation bug with low attack complexity that requires no user interaction.
Microsoft's recent software updates address a significant number of security vulnerabilities, including several actively exploited zero-day flaws. Users are urged to apply these updates promptly to protect against potential threats and ensure the security of their systems.