- Windows update and installer.
- Windows Hyper-V.
- Windows kernel and graphics (GDI).
- Microsoft MSHTML and Mark of the Web.
- Remote Desktop Subsystems (RDP) and TCP/IP.
The real concern is that three of these vulnerabilities (CVE-2024-38014, CVE-2024-38217, CVE-2024-43491) have been reported as exploited. Additionally, another vulnerability in the Windows HTML subsystem (CVE-2024-38217) has been reported as a publicly disclosed zero-day. Because of these four zero-days, we recommend that you add these Windows updates to your patch release schedule now.
Microsoft Office
Microsoft addressed two critical vulnerabilities in the SharePoint platform (CVE-2024-38018 and CVE-2024-43464) that will require immediate attention. There are nine other updates rated important that affect Microsoft Office, Publisher, and Visio. Unfortunately, Microsoft has reported that CVE-2024-38226 (affecting Publisher) is being exploited in the wild. If your application portfolio does not include Publisher (many do not), please add these Microsoft updates to your standard patch release cycle.
Microsoft SQL Server (formerly Exchange)
This month sees a significantly larger update for the Microsoft SQL Server platform, with 15 updates, all rated as important. There are no reports of public disclosure or active exploitation, and these patches cover the following general vulnerabilities: