Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe.
On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the beginning of the week or the following day.
Patch Tuesday is a useful reminder for admins to ensure their Microsoft security updates are up to date.
The four vulnerabilities attackers have already taken advantage of are:
SEE: IBM’s Chris Hockings is optimistic about the safety of the internet in the next five years due to passkeys and defenses against deepfakes.
The National Vulnerability Database’s Common Vulnerability Scoring System assigns a “critical” rating to vulnerabilities that meet a certain threshold of severity in their prioritization system. These vulnerabilities, which require immediate attention, include CVE-2024-43491, as listed above, and CVE-2024-38220, which involves an elevation of privilege vulnerability in the Azure Stack Hub.
In total, fixes for 79 flaws were deployed in September’s Update Tuesday.
Adobe released its own handful of fixes for Photoshop, Cold Fusion, Acrobat Reader, Illustrator, Premiere Pro, After Effects, Audition, and Media Encoder.