2 min Security

Patch Tuesday fixes 6 actively exploited vulnerabilities

Patch Tuesday fixes 6 actively exploited vulnerabilities

Microsoft’s August Patch Tuesday update fixed 89 vulnerabilities. Among them were ten zero-day vulnerabilities fixed for both Windows 11 and 10, eight of which were flagged critical.

In the latest Patch Tuesday update for this month, Microsoft addressed a remarkably large number of zero-day vulnerabilities for Windows 11 and Windows 10. Ten zero-day vulnerabilities were involved, of which eight were given critical status. Of these critical vulnerabilities, six are already being actively exploited.

Actively abused

The six active vulnerabilities include a bug in the Edge browser’s scripting engine, a privilege escalation within the Windows Kernel, and a privilege escalation in the Windows power dependency.

Also at issue are vulnerabilities that allow hackers to gain system privileges on Windows systems, a vulnerability that allows them to create files to bypass Windows Mark of the Web security notifications, and a Microsoft Project remote execution vulnerability.

Other critical vulnerabilities

Of the four other critical vulnerabilities found, the tech giant has not yet disclosed in detail what effect they had. These are vulnerabilities related to being able to remotely execute code in the Windows Line Printer Daemon and a spoofing vulnerability in Office.

The two other vulnerabilities, recently presented at BlackHat USA 2024, concern Windows Downdate. These vulnerabilities make it possible to restore certain components within the operating system to older versions.

Total 89 vulnerabilities addressed

The latest Patch Tuesday update fixes 89 vulnerabilities in total. These include 36 privilege escalation vulnerabilities, four security bypass vulnerabilities, 28 remote code execution vulnerabilities, eight information disclosure vulnerabilities, six DoS vulnerabilities, and seven spoofing vulnerabilities. In addition, the update fixes a number of non-security issues.

Also read: Update to Windows Server messes up Remote Desktop connections