Microsoft Releases Major Updates to Address Windows Security Vulnerabilities

Software giant Microsoft revealed a series of significant updates on Tuesday, July 9, aimed at addressing security vulnerabilities within the Windows ecosystem. The company also issued a warning about attackers exploiting Windows Hyper-V privileges escalation bugs.

“An attacker who manages to exploit this vulnerability can gain SYSTEM privileges,” Microsoft stated in a brief newsletter regarding the detected exploitation of the Hyper-V issue.

The Windows Hyper-V vulnerability, known as CVE-2024-38080, was reported anonymously to Redmond’s security response center and has a severity score of 7.8/10. Microsoft did not provide further details about the attacks or telemetry data to assist defenders in identifying signs of infection.

Addressing MSHTML Windows Platform Spoofing

Additionally, Microsoft is focusing on addressing the vulnerability in the MSHTML Windows platform spoofing (CVE-2024-38112), which is also being actively exploited. The successful exploitation of this vulnerability requires attackers to take additional actions before executing the attack.

These two zero-day vulnerabilities are part of a series of Patch Tuesday releases that include fixes for over 140 vulnerabilities in the Windows ecosystem, with five of them rated as critical by Microsoft. Security experts are advising Windows system administrators to prioritize addressing the critical remote code execution vulnerability in Microsoft Office SharePoint (CVE-2024-38023), which is at risk of exploitation by attackers.

Critical Vulnerabilities in Office SharePoint

Office SharePoint vulnerabilities could allow authenticated attackers with Site Owner’s permissions to upload custom files to targeted Server SharePoint and trigger deserialization of file parameters through API requests, leading to remote code execution in the context of Server SharePoint.

Microsoft’s patches also address severe remote code execution vulnerabilities in Windows Imaging Component and Windows Desktop Remote Licensing. These updates coincide with critical-level patches released by Adobe for security flaws in products like Premiere Pro, InDesign, and Bridge, which could also result in the execution of arbitrary code on Windows and macOS systems.

What is windows 10 ltsc 2021?

Windows 10 LTSC 2021 (Long-Term Servicing Channel) is a version of the Windows 10 operating system designed specifically for businesses and organizations that require a stable and unchanging platform. It offers extended support, with updates primarily focusing on security and stability rather than new features. This version is ideal for environments like medical devices, ATMs, and other systems where minimizing change is critical.

How to change screen timeout settings on windows 10?

To change screen timeout settings on Windows 10, follow these steps: 1. Open Settings by pressing Windows + I. 2. Go to System > Power & sleep. 3. Under 'Screen', choose the desired timeout for both 'On battery power' and 'When plugged in'. You can select a time frame from the dropdown menu options. Adjusting these settings allows you to control how long your PC remains idle before the screen turns off.

Update: 10 Jul 2024