Microsoft released patches on Tuesday for a total of 33 vulnerabilities, 24 of which affect Windows. Five other product groups were also affected. Microsoft rated only four of the addressed vulnerabilities Critical in severity. Three of these Critical-severity patches affect Windows, while the other one affects both Azure and Microsoft Power Platform Connector. Although none of the issues are currently known to be under active exploitation or publicly disclosed, Microsoft estimates that a third of the addressed vulnerabilities in Windows and Defender are more likely to be exploited in the next 30 days. Additionally, there were nine Edge-related issues, which are not included in the official count but are still important to address.
One notable vulnerability is a spoofing issue in Microsoft Power Platform Connector, which is considered Critical-severity and requires immediate attention. Affected customers have already been notified of this issue. Another Critical-severity vulnerability is a remote code execution (RCE) vulnerability in Windows MSHTML Platform that could lead to a drive-by exploit. Microsoft advises prompt action to mitigate this vulnerability. There are also Important-severity patches for Microsoft Outlook for Mac and Microsoft Word, which Apple users should install.
Broken down by impact, there were 10 Elevation of Privilege vulnerabilities, 8 Remote Code Execution vulnerabilities, 5 Spoofing vulnerabilities, 5 Denial of Service vulnerabilities, and 5 Information Disclosure vulnerabilities.
Microsoft recommends keeping all Edge and Chromium-based browsers up to date, even though Edge issues are not included in the CVE counts. It is also possible to manually download the patches from the Windows Update Catalog website if necessary.
Overall, it is important for users to update their Microsoft products to address these vulnerabilities and prevent potential exploits.