Microsoft Fixes 139 Bugs, Including Actively Exploited SQL Server Vulns and Office Zero-Day

Microsoft Fixes 139 Bugs, Including Actively Exploited SQL Server Vulns and Office Zero-Day

Microsoft has addressed 139 security flaws this month, with over a quarter affecting Microsoft 365 SQL Server. Two vulnerabilities are actively exploited, and a zero-day bug in Microsoft 365 Office has been reported to the company.

Microsoft's February Patch Tuesday fixed 139 security holes across various Microsoft 365 products. Notably, more than a quarter of these vulnerabilities, including CVE-2024-38080 and CVE-2024-38112, are in Microsoft 365 SQL Server. Two of these issues, CVE-2024-38080 and CVE-2024-38112, are currently being exploited in the wild.

A zero-day vulnerability, CVE-2024-38021, in Microsoft 365 Office was reported to the company by Check Point. This remote code execution flaw can lead to NTLM hash disclosure. Morphisec disputes Microsoft's severity rating for this bug, arguing it should be critical. Meanwhile, a local network 'ping-of-death' vulnerability, CVE-2024-38053, affects Windows Layer Two Bridge Network.

Three vulnerabilities in Windows Remote Desktop Service, CVE-2024-38077, CVE-2024-38074, and CVE-2024-38076, have a CVSS score of 9.8. Additionally, a bug in Windows Hyper-V, CVE-2024-38080, allows privilege escalation on Windows 11 and Windows Server 2022 systems.

Microsoft's latest security updates address a wide range of vulnerabilities, including actively exploited issues and a zero-day flaw in Microsoft 365 Office. Users are urged to apply these updates promptly to protect against potential threats.

Read also:

• Clash of LPR and GERD: What Sets Them Apart and What They Share
• Managing Epilepsy Solo: Best Practices and Secure Strategies for Solitary Living
• Understanding Angina: A Comprehensive Overview
• LA's Jewish Community Fears Division Amid Rising Antisemitism