Security News

Microsoft has released security updates for the month of April 2024 to remediate a record 149 flaws, two of which have come under active exploitation in the wild. Of the 149 flaws, three are rated...

Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. Trend Micro's Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girrus, was under attack in the wild before Microsoft issued a patch this week.

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. "Just as we did in 2022, we immediately reported our findings to the Microsoft Security Response Center. After validating our discovery, the team at Microsoft has added the relevant files to its revocation list," Budd said.

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn't marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro's Zero Day Initiative, has found being leveraged by attackers in the wild. Microsoft has fixed 24 vulnerabilities that may allow attackers to bypass Windows Secure Boot, a security feature that aims to prevent malware from loading when PCs boot up.

Today is Microsoft's April 2024 Patch Tuesday, which includes security updates for 150 flaws and sixty-seven remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. The Board finds that this intrusion was preventable and should never have occurred.

Regular patch releases will be critical to keep this product updated because it does not receive immediate security updates like its related, cloud-connected versions. Hard to believe, Windows 11 21H2 for Education and Enterprise and Windows 11 22H2 Home and Pro are already reaching EOS on November 8th. Microsoft recently reversed its decision to end the preview updates for Windows 11 22H2 in February and announced it will continue through June.

Microsoft says Windows 10 updates released since the start of the year are breaking Microsoft Connected Cache node discovery on enterprise networks. "After installing the January 2024 non-security update, released January 23, 2024, or later updates, some Windows devices which use the DHCP Option 235 for discovery of Microsoft Connected Cache nodes in their network might be unable to use the MCC nodes," Microsoft explains.

Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation tool after installing November Windows 10 updates. It also helps manage multiple computers on a network or fine-tune a single Windows image for a specific PC. The known issue only impacts Windows 10, version 22H2 systems where Sysprep is used by admins in audit mode to test or add drivers or apps to new Windows installations.

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.