Microsoft released security updates addressing over 70 vulnerabilities in Windows OS and related software, with particular urgency on five zero-day flaws actively exploited by attackers. These updates aim to mitigate remote code execution and privilege escalation risks, although detailed attack indicators are lacking.
Affected: Windows OS, Microsoft Scripting Engine, Windows Common Log File System, Windows DWM, Microsoft Office, Virtual Machine Bus.
Affected: Windows OS, Microsoft Scripting Engine, Windows Common Log File System, Windows DWM, Microsoft Office, Virtual Machine Bus.
Keypoints
- Microsoft issued security patches fixing at least 70 vulnerabilities in Windows and related components during the latest Patch Tuesday.
- Five zero-day vulnerabilities are marked as βexploitation detected,β indicating active attacks exploiting these bugs.
- Key zero-day flaws include remote code execution via the Scripting Engine and privilege escalation in Windows CLFS Driver and DWM.
- Attackers are exploiting bugs in the Windows Scripting Engine and Log File System Driver, with ongoing threats from APT groups and ransomware actors.
- Microsoft introduced HMAC-based mitigation techniques to detect unauthorized modifications in CLFS log files, strengthening defenses.
- The critical vulnerabilities impact Windows Remote Desktop Services, Microsoft Office, and Virtual Machine Bus, all carrying remote code execution risks.
- Security updates lacked specific indicators of compromise, leaving the detection of ongoing infections more challenging for defenders.
Read More: https://www.securityweek.com/zero-day-attacks-highlight-another-busy-microsoft-patch-tuesday/