Microsoft has released 73 updates in its monthly Patch Tuesday release, addressing issues in Microsoft Exchange Server and Adobe, as well as two zero-day flaws being actively exploited in Microsoft Outlook (CVE-2024-21410) and Microsoft Exchange (CVE-2024-21413).
Recent reports have highlighted the Windows SmartScreen vulnerability (CVE-2024-21351) under active exploitation, prompting the addition of “Patch Now” schedules to Microsoft Office, Windows, and Exchange Server. The team at Readiness has provided a detailed infographic outlining the risks associated with each of the updates for this cycle.
Microsoft publishes a list of known issues related to the operating system and platforms included each month:
Windows devices using more than one monitor might experience issues with desktop icons moving unexpectedly between monitors or other icon alignment issues when attempting to use Windows Copilot. Microsoft is still working on this issue.
After you install KB5034129, Chromium-based internet browsers such as Microsoft Edge might not open correctly. Affected browsers might display a white screen and become unresponsive when opened. Microsoft is working on a fix, which we expect in the next Edge update.
There is a significant issue with the current release of Microsoft Exchange Server, which is detailed below in the Exchange Server section.
We have seen three waves of CVE vulnerability revisions from Microsoft (so far) this month — which in itself is unusual — made all the more so by the volume of updates in such a short time. That said, all the revisions were due to mistakes in the publication process; no additional action is required for the following:
CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability. Microsoft has updated the FAQs and added clarifying information to the mitigation. This is an informational change only.
CVE-2023-36019: Microsoft Power Platform Connector Spoofing Vulnerability. Updated the mitigation to inform customers with existing OAuth 2.0 connectors that the connectors must be updated to use a per-connector redirect URL by March 29. This is an informational change only.
CVE-2024-0056, CVE-2024-0057, CVE-2024-20677 and CVE-2024-21312: These were updated to resolve broken link issues. No further action required.
Contrary to current documentation from Microsoft, there are two revisions that do require attention: CVE-2024-21410 and CVE-2024-21413. Both reported vulnerabilities are “Preview Pane” critical updates from Microsoft that affect Microsoft Outlook and Exchange Server. Though the Microsoft Security Response Center (MSRC) says these vulnerabilities are not under active exploitation, there are several published reports of active exploitation. Note: this is a serious combination of Microsoft Exchange and Outlook…
2024-02-19 01:00:05
Article from www.computerworld.com