Microsoft’s September Patch Update Reveals Active Exploitation of Critical Vulnerabilities

Hackers are wasting no time in exploiting critical vulnerabilities identified in Microsoft’s latest security update. Out of the 79 flaws addressed by Microsoft, four are already being actively targeted by attackers.

Two of the zero-day bugs allow cybercriminals to bypass key security protections in Windows, making them a top priority for organizations to address. Another zero-day flaw grants unauthorized access to system-level privileges, while the fourth bug reintroduces vulnerabilities in certain versions of Windows 10 that were previously patched by Microsoft.

In total, Microsoft’s September update included seven critical vulnerabilities that could enable remote code execution and elevation of privilege attacks. The company highlighted 19 CVEs in the update as particularly risky, as they facilitate remote code execution with minimal complexity, require no user interaction, and impact widely-used products.

Among the notable vulnerabilities are CVE-2024-38226, affecting Microsoft Publisher, which allows attackers to bypass Office macros for blocking malicious files. Another bug, CVE-2024-43491, poses a high-severity risk by rolling back previous security fixes in Windows 10, potentially exposing users to exploitation.

Security experts emphasize the importance of promptly addressing these vulnerabilities to prevent malicious activities. With a total of 745 vulnerabilities disclosed by Microsoft this year, organizations must remain vigilant in applying patches and safeguarding their systems against cyber threats.