Microsoft addresses six actively utilized weaknesses
The close proximity to Black Hat and DEF CON might have influenced this, however, as certain of the publicly unveiled weaknesses originated from presentations presented by cyber security experts during the previous week at these two conferences.
The close proximity to Black Hat and DEF CON might have influenced this, however, as certain of the publicly unveiled weaknesses originated from presentations presented by cyber security experts during the previous week at these two conferences. Those vulnerabilities may have been brought to the attention of Microsoft beforehand in a responsible manner, but were not deemed severe enough to necessitate immediate fixes — a course of action that Microsoft typically reserves exclusively for broadly exploited zero-day vulnerabilities.
Six currently utilized defects
Prioritizing the patching of actively utilized weaknesses is vital regardless of whether they are classified as critical or have additional constraining factors. Microsoft does not disclose information regarding the exploitation of zero-day flaws in its notifications, thereby leaving enterprises in the dark about the extent or sophistication of these attacks unless the external organizations or researchers who discovered them decide to publish their own analyses.
For instance, one weakness, known as CVE-2024-38178, is characterized as a vulnerability in the scripting engine that leads to memory corruption and potentially, remote code execution. Ordinarily, vulnerabilities allowing unauthenticated remote code execution would be labeled as critical, yet this particular flaw is marked as significant (with a rating of 7.5 out of 10) since it can only be exploited when a user accesses a specially crafted link while using Microsoft Edge in Internet Explorer Mode.
About Author
