Microsoft Confirms The Worst – Windows Exploits Bypassing Security Features

Microsoft recently released a large batch of security-themed software updates but called urgent attention to the fact that three vulnerabilities were exploited in live Malware attacks. The tech giant recorded at least 72 security vulnerabilities in the Windows ecosystem and warned users about the risks of remote code execution, information disclosure, security feature bypass, and privilege escalation attacks.

Microsoft categorized the three vulnerabilities in the exploited column and warned that cybercriminals are initiating phishing and spoofing attacks that bypass Window’s security protections.

One of the exploited bugs, CVE-2021-43890, goes back to 2021, with Redmond’s security team stating that they were aware of the attacks that attempted to exploit this vulnerability through specially crafted packages, which include the Malware family known as Emotet/Trickbot/Bazaloader.

Microsoft has also urged users to pay close attention to a pair of security feature bypass bugs, CVE-2024-21412 and CVE-2024-21351, which are also being exploited in malware attacks.

The Patch rollout on Tuesday also includes a fix for remote code execution in Microsoft Office CVE-2024-21413) that could be exploited through the software’s Preview Pane security mitigation. Microsoft issued a warning stating:

“Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.” The flaw has a CVSS Severity score of 9.8/10.

Adobe Security Updates

Separately, on Tuesday, Adobe patched at least 30 documented security flaws in different products and warned that unpatched machines are exposed to code execution, security feature bypass, and denial-of-service attacks. Adobe also recorded 13 serious security issues covered in the Adobe Acrobat and Reader update, stating that both Windows and macOS users are at risk.

Users must be responsible for implementing these security updates to protect their systems from being exploited. Microsoft and Adobe have taken the necessary steps to address these issues, and users are advised to ensure that their systems are always up to date with the latest security patches.