Microsoft has released its latest security update, patching a total of 80 security flaws in its software. Of these vulnerabilities, eight are rated as critical, while 72 are considered important. None of the flaws were actively exploited as zero-day attacks when the patch was released. Nearly half of all the bugs patched this month were related to privilege escalation.
One of the flaws, a privilege escalation vulnerability in Windows SMB, was publicly known before the patch was available. Experts note that simply installing the patch is not enough to fix the issue. The flaw, which could allow attackers to perform relay attacks, requires administrators to take extra steps to harden their systems by enabling features like SMB signing.
The most severe flaw patched this month, a critical vulnerability in Azure Networking, received a perfect score of 10.0. Since this is a cloud-related issue, no customer action is required. Other notable fixes include a remote code execution bug in Microsoft High Performance Compute (HPC) Pack and a privilege escalation flaw in Windows NTLM.
The update also addressed two more vulnerabilities in Windows BitLocker, which add to a set of four other flaws patched in July. These bugs could allow an attacker with physical access to a device to bypass BitLocker’s encryption and access sensitive data. The disclosure comes as researchers have detailed a new technique called BitLockMove, which exploits BitLocker to execute code by manipulating its registry keys.
In addition to Microsoft, many other major technology companies, including Adobe, Cisco, Google, IBM, and NVIDIA, have also released security updates over the past few weeks to fix various vulnerabilities.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
