Microsoft’s latest Patch Tuesday update has left IT administrators and security teams disappointed, as the company has patched six actively exploited zero-day vulnerabilities and four additional publicly disclosed issues. These vulnerabilities, along with two third-party flaws from Red Hat, are critical in severity.
This month’s update includes over 100 fixes, with ten vulnerabilities either actively exploited or publicly disclosed. Rapid7’s Adam Barnett noted that the larger-than-usual batch of vulnerabilities will likely keep defenders busy in the coming days.
While there are no SharePoint or Exchange vulnerabilities this month, Microsoft addressed six zero-days, including remote code execution and elevation of privilege bugs. The good news, according to Ivanti’s Chris Goettl, is that updating Windows and Office can reduce most risks quickly.
Goettl highlighted one zero-day as particularly impactful, allowing attackers to execute arbitrary code on victims’ systems. He recommended updating Office to mitigate this risk. Additionally, he advised treating all zero-days as higher severity than Microsoft suggests, given their potential impact.
Scott Caveza from Tenable emphasized the importance of two publicly disclosed vulnerabilities that could allow attackers to roll back software updates or expose NTLM hashes, potentially leading to further attacks. Overall, this month’s Patch Tuesday update requires vigilant patching to address a range of critical vulnerabilities.