Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Microsoft Patchocalypse: 142 Bugs Squashed, Only 4 Critical!
Microsoft patches 142 vulnerabilities, but only four are “critical.” Noteworthy: Windows Hyper-V Elevation of Privilege Vulnerability and Windows MSHTML Platform Spoofing Vulnerability. One lets attackers play god with SYSTEM privilege, the other makes opening attachments riskier than a blind date. Stay safe, patch up!
Hot Take:
This is Microsoft’s version of Oprah’s “You get a car!” moment, but instead, it’s “You get a vulnerability!” While only four are “critical,” the rest are just there to keep your IT team up all night. Sweet dreams, sysadmins!
Key Points:
- 142 vulnerabilities patched by Microsoft, with 4 classified as “critical”.
- Two vulnerabilities already exploited: CVE-2024-38080 and CVE-2024-38112.
- Critical vulnerabilities in Windows Remote Desktop Licensing Service and Windows Imaging Component.
- A mix of Remote Code Execution, Elevation of Privilege, and Denial of Service vulnerabilities.
- Most vulnerabilities are rated as “important” but still require immediate attention.
Microsoft’s Patch Party
Microsoft has dropped a bombshell of 142 patches this month, making sysadmins around the world collectively groan. Only four of these vulnerabilities are labeled “critical,” which is like saying only four of the 142 bees in your bedroom are Africanized. Still, the other “important” vulnerabilities are not to be ignored unless you enjoy living dangerously.
Critical Hits
Among the critical issues, three are in the Windows Remote Desktop Licensing Service (CVE-2024-38074, CVE-2024-38076, CVE-2024-38077). These vulnerabilities could let an attacker execute code remotely. The fourth critical vulnerability (CVE-2024-38060) affects the Windows Imaging Component, which could be exploited by uploading a malicious TIFF image. So, yes, even your image files might be plotting against you.
Already in the Wild
Two vulnerabilities have already been exploited: CVE-2024-38080 and CVE-2024-38112. The first one is a Windows Hyper-V Elevation of Privilege vulnerability, allowing attackers to obtain SYSTEM privileges. The second is a Windows MSHTML Platform Spoofing vulnerability, making it easier for attackers to trick users into opening malicious attachments. It’s like phishing, but with a dash of extra subterfuge.
Known and Unknown
Two vulnerabilities are disclosed but not yet exploited: CVE-2024-35264 and CVE-2024-37985. The first affects .NET and Visual Studio, with a CVSS score of 8.1, making it a high-priority patch. The second affects ARM systems, allowing attackers to view privileged heap memory. Not quite as bad as your diary being published online, but close.
Grab Bag of Woes
Other notable mentions include a plethora of vulnerabilities affecting everything from Azure services to Xbox devices. For instance, the Azure DevOps Server has a spoofing vulnerability (CVE-2024-35266), and the Xbox Wireless Adapter has a remote code execution vulnerability (CVE-2024-38078). It’s like Microsoft decided to throw a cybersecurity buffet, and everyone’s invited.
Already a member? Log in here