Microsoft Issues Updates to Fix 139 Security Flaws Across Products

Microsoft Corp. today released software updates to address 139 security vulnerabilities in various versions of Windows and other Microsoft products. The company warned that attackers are actively exploiting at least two of these vulnerabilities against Windows users.

Zero-Day Vulnerabilities

The first zero-day vulnerability, CVE-2024-38080, affects Windows Hyper-V in Windows 11 and Windows Server 2022 systems, allowing attackers to elevate their account privileges. The second zero-day, CVE-2024-38112, is a weakness in MSHTML, the engine of Internet Explorer, requiring a complex attack chain for exploitation.

Highlighted Security Flaws

Security experts highlighted CVE-2024-38021, a remote code execution flaw in Microsoft Office, which could lead to the disclosure of NTLM hashes for potential attacks. Morphisec, the firm that reported this flaw, disagreed with Microsoft’s severity rating, arguing for a more critical assessment.

Another vulnerability, CVE-2024-38053, in Windows Layer Two Bridge Network, poses a risk for road warriors in shared office environments and hotels. Additionally, three vulnerabilities in Windows Remote Desktop have been identified, all with a high CVSS score.

End of Support for SQL Server 2014

Today also marks the End of Support date for SQL Server 2014, prompting concerns for the large number of publicly available instances still running this version. Companies are advised to update to supported versions promptly.

Recommendations for Users

It is recommended for Windows users to stay current with security updates from Microsoft, although waiting a few days before applying patches can be a prudent approach. Backing up data before updating is always a wise precaution.

For a detailed list of the vulnerabilities addressed by Microsoft, refer to the SANS Internet Storm Center. Admins managing Windows environments can also monitor Askwoody.com for potential issues with specific updates.

If you encounter any difficulties with the updates, sharing your experience in the comments section may help others facing similar problems and potentially find solutions.

What is microsoft office ltsc professional plus 2024 preview?

Microsoft Office LTSC (Long Term Servicing Channel) Professional Plus 2024 Preview is an enterprise-grade version of Microsoft Office that provides long-term support and stability. This edition is designed for businesses that require a static set of features over a long period, with updates focusing primarily on security and bug fixes rather than the introduction of new features. The 'Preview' version allows businesses to test and validate the software before its official release, ensuring compatibility and performance.

What is microsoft office ltsc 2024?

Microsoft Office LTSC (Long Term Servicing Channel) 2024 is a version of Microsoft Office tailored for organizations that require a stable and unchanging set of features over an extended period. Unlike the regularly updated versions of Office, LTSC 2024 does not receive new features but focuses on essential updates such as security patches and performance improvements. This makes it ideal for businesses with specific regulatory or compliance requirements that necessitate predictable software behavior.