Microsoft Issues 90 Security Patches As Vulnerabilities Exposed

By | 15 Aug 2024

Microsoft has released 90 security updates – including nine tagged Critical – aimed at warding off malicious cyber attacks.

Acting promptly in response, America’s cyber defence agency CISA has added six of the “known exploited vulnerabilities” to its catalogue based on evidence of active exploitation.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” read a statement on the CISA website.

One example of the 90 CVEs (Common Vulnerabilities and Exposures) is the “Windows Secure Kernel Mode Elevation of Privilege Vulnerability”.

Some of the Microsoft updates from August 2024.

“Microsoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) … This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.”

Another is the “Windows TCP/IP Remote Code Execution Vulnerability”.

Microsoft said: “An unauthenticated attacker could repeatedly send IPv6 packets, that include specially crafted packets, to a Windows machine which could enable remote code execution.”

CISA’s Binding Operational Directive requires Federal Civilian Executive Branch agencies to remediate identified vulnerabilities … to protect FCEB networks against active threats”, however the body urges all organisations “to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities”.

You can see the full list of CVEs here.



