Microsoft has released patches to address 73 security flaws in its software lineup, including two zero-day vulnerabilities that are being actively exploited. The two zero-days are a Windows SmartScreen Security Feature Bypass Vulnerability and an Internet Shortcut Files Security Feature Bypass Vulnerability. These flaws allow attackers to inject code into SmartScreen and bypass security checks. Successful exploitation requires the attacker to send a malicious file and convince the user to open it. Both vulnerabilities have been added to the Known Exploited Vulnerabilities catalog by the U.S. Cybersecurity and Infrastructure Security Agency.
In addition to the zero-day vulnerabilities, Microsoft also patched five critical flaws, including a Windows Hyper-V Denial of Service Vulnerability, a Windows Pragmatic General Multicast Remote Code Execution Vulnerability, a Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability, a Microsoft Exchange Server Elevation of Privilege Vulnerability, and a Microsoft Outlook Remote Code Execution Vulnerability.
The security update also resolves 15 remote code execution flaws in Microsoft WDAC OLE DB provider for SQL Server and fixes a 24-year-old design flaw in the DNSSEC specification that can be abused to exhaust CPU resources and stall DNS resolvers, resulting in a denial of service.
Other vendors have also released security updates to address vulnerabilities in their software.
The U.S. Cybersecurity and Infrastructure Security Agency has urged federal agencies to apply the latest updates by March 5, 2024.
