On February 2024, Microsoft’s Patch Tuesday saw the release of updates addressing 73 vulnerabilities, including two critical zero-day flaws that were actively exploited. Among these vulnerabilities, five were rated as critical, 66 as important, and two as moderate, spanning a wide range of Microsoft products from Windows and Azure to Microsoft Office and Exchange Server.
The critical issues included a notable elevation of privilege vulnerability in Microsoft Exchange Server and remote code execution vulnerabilities in various components. Two zero-day vulnerabilities, CVE-2024-21351 and CVE-2024-21412, were particularly concerning due to their active exploitation, involving a security feature bypass in Windows SmartScreen and Internet Shortcut Files, respectively.
These updates underscore the importance of timely patch management as a cornerstone of cyber security hygiene to mitigate potential attacks and safeguard systems against exploitation.
For more detailed insights and technical analysis, you can read more at the following sites: The Hacker News, BleepingComputer, and Tenable’s blog.
Starting in mid-July 2025, Microsoft will begin automatically blocking legacy authentication protocols in Microsoft 365, with full enforcement expected by August 2025. This update addresses…
A critical security vulnerability discovered in Microsoft 365 Copilot highlights that there is a risk associated with AI-powered business tools that we must continue to…
Microsoft has released its June 2025, Patch Tuesday security updates addressing 66 vulnerabilities across its software ecosystem. This month’s release includes one actively exploited zero-day…
