08/15/2024
To: ALL OF MY FRIENDS & FAMILY UPDATE YOUR COMPUTERS NOW!
https://www.facebook.com/share/p/odqty8zoNM4newYM/
Urgent Microsoft Windows security warning for millions — 10 critical zero-day vulnerabilities found!
**Microsoft’s Latest Patch Tuesday Addresses Critical Security Flaws Amidst Active Exploitation**
On Tuesday, Microsoft rolled out critical updates to fix a staggering 90 security vulnerabilities, including 10 zero-days, of which six are being actively exploited by hackers. Of these, nine are rated Critical, 80 Important, and one Moderate. This update comes on the heels of the company addressing 36 vulnerabilities in its Edge browser since the previous month.
These updates are particularly significant due to the inclusion of six actively exploited zero-days, such as the high-severity Microsoft Project Remote Code Execution Vulnerability (CVE-2024-38189) with a CVSS score of 8.8. Another notable flaw, CVE-2024-38213, enables attackers to bypass Windows’ SmartScreen protections by convincing users to open malicious files. This vulnerability has been flagged by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which now requires federal agencies to apply these patches by September 3, 2024.
In addition to the zero-days, four other vulnerabilities have been made publicly known, including the Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability (CVE-2024-38199) with a critical CVSS score of 9.8. Exploitation of this flaw could allow an attacker to gain full control of a system, particularly if they can entice a user to access a specially crafted file, likely delivered via phishing email.
Although Microsoft has addressed a majority of these threats, two vulnerabilities, CVE-2024-38202 and CVE-2024-21302, which allow for privilege escalation through downgrading Windows systems, remain unpatched. Microsoft has indicated that these issues do not currently meet their criteria for immediate servicing but may be included in a future update.
The need for vigilance is underscored by a recently disclosed denial-of-service (DoS) vulnerability in the Common Log File System (CLFS) driver (CVE-2024-6768). Although it results in a Blue Screen of Death (BSoD), Microsoft has deemed it lower in severity, as it requires an attacker to have already gained code execution capabilities on the target machine.
Beyond Microsoft, other major vendors, including Adobe, Apple, and Google, have also issued patches in recent weeks to address various vulnerabilities. Users and organizations are urged to update their systems promptly to mitigate the risk of these increasingly sophisticated cyber threats.