Microsoft Fixes Three Zero-Days in May Patch Tuesday
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
Patch Tuesday tracks Microsoft's regular security updates, helping readers understand vulnerabilities, fixes, and risks affecting software users.
Search across headline titles and summaries.
Background for this topic.
Patch Tuesday is the second Tuesday of each month, when Microsoft publishes a scheduled set of security and quality updates for supported products. The term is also used broadly for the recurring monthly patch cycle that organizations use to review, test, and deploy vendor fixes. Releases may address vulnerabilities in operating systems, applications, browsers, and infrastructure components, with severity and affected versions varying by update.
For security teams, the release is a trigger for vulnerability-management work: identify exposed and supported assets, assess whether a flaw is being exploited or affects a critical system, and prioritize deployment accordingly. Testing and staged rollout can reduce compatibility and availability problems, while leaving internet-facing or unpatched systems exposed can increase the chance of compromise. Teams should also account for patches that require reboots, configuration changes, or dependent updates, and track exceptions with compensating controls. Critical fixes may warrant accelerated or emergency deployment rather than waiting for the normal maintenance window.
Microsoft has released patches for three zero-day vulnerabilities including two actively exploited in the wild
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild
CVE-2024-30051, under active exploit, is the most concerning out of this month's Patch Tuesday offerings, and already being abused by several QakBot actors.
Plus: Google Chrome, Apple bugs also exploited in the wild Happy May Patch Tuesday. We've got a lot of vendors joining this month's patchapalooza, which includes a handful of bugs that have been exploited — either in the wild or at Pwn2Own — and now fixed by Microsoft, Apple, Google and VMware.…
Kaspersky Says It Spotted QakBot Operators Exploiting the Flaw in AprilMicrosoft issued a patch Tuesday for a Windows zero-day vulnerability that security researchers say operators of the QakBot botnet and other hackers actively exploited. The elevation of privilege vulnerability flaw is rated "important" on the CVSS scale.
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two "zero-day" vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. [...]