The Patch Tuesday update from Microsoft contains 91 security fixes, including two critical zero-day vulnerabilities under active exploitation that users need to address urgently.
CVE-2024-49039 allows attackers to perform unauthorized privileged RPC functions by exploiting a flaw in Windows Task Scheduler, highlighting the importance of immediate patching.
CVE-2024-43451 showcases a spoofing vulnerability in NTLM code, enabling attackers to impersonate accounts with minimal user interaction, further stressing the necessity of installing the patch.
Among the three critical non-exploited vulnerabilities, CVE-2024-43602 merits attention for enabling Remote Code Execution via unauthorized modifications in Azure CycleCloud configurations.
Collection
[
|
...
]