Microsoft Claims That Exploits In Windows Bypass Security Features

(CTN News) – A major batch of security-related software updates was released by Microsoft on Tuesday, as well as a warning regarding at least three vulnerabilities that are being exploited in live malware attacks.

The world’s largest software manufacturer has identified 72 security vulnerabilities in the Windows ecosystem, posing a risk of remote code execution, security feature bypass, information disclosure, and privilege escalation.

The company has listed three vulnerabilities as being exploited, warning that cybercriminals are launching phishing and spoofing attacks that bypass the operating system’s security features.

A recent increase in activity by threat actors utilizing social engineering and phishing techniques to target Windows OS users has been noted by Microsoft Threat Intelligence. In response, Microsoft has disabled the ms-appinstaller protocol by default on Windows operating systems.

The company also urged Windows administrators to be on the lookout for two security feature bypass bugs – CVE-2024-21412 and CVE-2024-21351 – which are being exploited in malware attacks.

In addition, the Patch Tuesday update fixes a remote code execution vulnerability in Microsoft Office (CVE-2024-21413), which could be exploited through the Preview Pane security mitigation feature.

Microsoft warned that successful exploitation of this vulnerability could enable an attacker to bypass Office Protected View and open files in editing mode instead of protected mode.  CVSS severity score for this vulnerability is 9.8 out of 10.

Additionally, Adobe patched at least 30 documented security flaws in multiple products on Tuesday, warning that unpatched machines are susceptible to code execution, bypassing security features, and denial of service attacks.

Adobe has documented at least 13 serious security vulnerabilities that have been fixed in the latest version of Adobe Acrobat and Reader. Both Windows and macOS users are at risk because of these vulnerabilities.

According to Adobe, successful exploitation could result in the execution of arbitrary code, the denial of service of the application, and the leakage of memory.

Moreover, Adobe pointed out that the Adobe Commerce update should be addressed urgently as well as bugs in Adobe Substance 3D Painter, Adobe FrameMaker Publishing Server, Adobe Audition, and Adobe Substance 3D Designer that could result in code execution risks.

There haven’t been any exploits found in the wild that exploit any of the issues addressed in the February batch of patches that Adobe has issued.

SEE ALSO:

CEO Of PayPal, Aaron Karczmer, Is Leaving The Company