today we're going to be talking about some latest news and let's just get right into it so Microsoft issues patches for 79 flaws including three actively exploited Windows flaws Microsoft on Tuesday disclosed that three new security flaws impacting the windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024 the monthly security release addresses a total of 79 vulnerabilities of which seven are rated critical 71 are rated important and one is rated moderate in severity this is aside from 26 flaws that the tech giant resolved in his chromium based edge browser since last month's past Tuesday release the three vulnerabilities that have been weaponized in a malicious context are listed below alongside of bugs that Microsoft is treating as exploited so I'll just add in right here that unless you are really up to date with these news like you don't realize how many patches are happening or how many vulnerabilities are being exploited like you would think that after so many years of being on the internet that once a v vulnerability is exploited that that's it there's no more of it but no these these keep on coming up so Windows installer elevation of privilege vulnerability Windows Mark of the web m w security feature bypass vulnerability Microsoft Publisher security feature bypass vulnerability Microsoft Windows update remote code execution vulnerability exploitation of both cve 2024 and cve 2024 can lead to the bypass of important security features that block Microsoft Office macros from running stinum narang senior staff research engineer at tab s a statement in both cases the target needs to be convinced to open a specifically crafted file from an attacker controlled server where they differ is that an attacker would need to be authenticated to the system and have local access to it exploit to it to exploit it CV 2024 38226 as disclosed by elastic security Labs last month cve 2024 38217 also referred to as lnk stomping is set to have been used in the wild as far back as February 2018 cve 202443 491 on the other hand is is notable for the fact that is similar to the downgrade attack that cyber security company safe breach detailed early last month Microsoft is aware of a vulnerability and servicing stack that has rolled back the fixes for some vulnerabilities affecting optional components on Windows 10 version 1507 initial version released July 2015 Redmont noted this means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10 version 1507 Windows 10 Enterprise 2015 ltsv and Windows 10 iio T Enterprise 2015 ltsb systems that have installed the Windows security update released on March 12 2024 kb50 35858 or other updates released until August 2024 the windows M maker further said it can be resolved by installing the September 2024 servicing stack update and the September 2024 Windows security update in that order it's also worth pointing out that Microsoft's exploitation detected assessment for cve 2024 stems 43 491 stems from the roll back of fixes that addresses address vulnerabilities impacting some optional components for Windows 10 version 1507 that have been previously exploited no exploitation of cve 202443 491 itself has been detected the company said in addition the Windows product team at Microsoft discovered this issue and we have seen no evidence that it is publicly known and then there has been some software Patches from other vendors in addition to Microsoft security updates have also been released by other vendors over the past few weeks to rectify several vulnerabilities including Adobe arm botch broadcom Cisco Tri code says dink Dell Drew Paul F5 for internet for Tru gitlab Google Android Google Chrome Google Cloud Google Weare Hitachi energy HP HP and there's so many more companies so okay so that's the patch update security news