Microsoft Discloses ‘Triple-Digit CVE’ Patch Tuesday Release

It’s the third time in 2024 that Microsoft’s monthly patch release has consisted of fixes for more than 100 vulnerabilities, according to Trend Micro’s Dustin Childs.

For the third time in 2024, Microsoft’s monthly patch release has included fixes for more than 100 vulnerabilities, according to a Trend Micro researcher.

The tech giant disclosed 117 new CVEs (Common Vulnerabilities and Exposures) in connection with its monthly release of software bug fixes, unofficially known as “Patch Tuesday.”

As usual, the patches address vulnerabilities that affect numerous Microsoft product segments including Windows, Office, Azure, .NET, OpenSSH for Windows, Visual Studio, Windows Hyper-V and Power BI.

The addition of several third-party vulnerabilities brings the total number of newly patched vulnerabilities to 121, according to Dustin Childs, head of threat awareness for Trend Micro’s Zero Day Initiative.

“This is the third triple-digit CVE release from Microsoft this year, putting the Redmond giant on pace to exceed the number of CVEs fixed in 2023,” Childs wrote in a blog post. “They are still a way off from the record pace set in 2020 (thankfully).”

CRN has reached out to Microsoft for comment.

Three of the vulnerabilities are considered to be “critical” in severity while two other flaws are known to be seeing active exploitation, Childs noted.

The exploited vulnerabilities are two moderate-severity flaws: a spoofing vulnerability in the Windows MSHTML Platform (tracked as CVE-2024-43573) and a flaw affecting Microsoft Management Console (tracked as CVE-2024-43572).

Meanwhile, a newly disclosed critical flaw affecting Microsoft Configuration Manager (tracked as CVE-2024-43468) can enable remote code execution and has received a severity rating of 9.8 out of 10.0. The other two critical-severity flaws affect Remote Desktop Protocol (tracked as CVE-2024-43582) and the Visual Studio Code extension for Arduino (tracked as CVE-2024-43488).