Microsoft on Tuesday rolled out patches for at least 60 security vulnerabilities haunting the Windows ecosystem and warned there is exposure to remote code execution attacks.
The world's largest software maker tagged two HyperV vulnerabilities - CVE-2024-21407 and CVE-2024-21408 with its highest critical-severity rating and urged users to prioritize these fixes to reduce exposure to code execution and denial-of-service attacks.
The company said successful exploitation requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
Microsoft also flagged a serious flaw in Open Management Infrastructure for urgent attention, noting that the CVE-2024-21334 bug carries a CVSS severity score of 9.8 out of 10.
This month's updates also provide cover for code execution issues in the oft-targeted Microsoft Exchange Server and a Microsoft Azure Kubernetes bug that opens the door for attackers to steal credentials and affect resources beyond the security scope managed by Azure Kubernetes Service Confidential Containers.
According to Microsoft, none of the documented issues have been publicly discussed or under active attack.
The Microsoft patches come on the same day software maker Adobe released a hefty batch of security updates to fix critical-severity vulnerabilities in multiple enterprise-facing products.
The Adobe rollout contains fixes for code execution flaws in the oft-targeted Adobe ColdFusion, Adobe Premiere Pro, Adobe Bridge and Adobe Lightroom.
Like Microsoft, Adobe said it was not aware of any exploits in the wild for any of the issues addressed this month.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Mar 2024 20:13:05 +0000