Patch Tuesday: Microsoft Warns of Under-Attack Windows Kernel Flaw

Microsoft's scheduled monthly batch of security patches landed with a loud thud Tuesday with fixes for at least 56 security vulnerabilities in a range of operating system and software products.


At least one of the flaws (CVE-2021-1732) is being exploited in the wild in zero-day attacks. Microsoft did not provide any additional details on the in-the-wild attacks beyond a generic "exploitation detected" checkbox in the advisory.


The acknowledgement of this zero-day attack, reported to Microsoft by Chinese security vendor DBAPPSecurity Ltd., comes just days after reports of a separate -- and still unpatched -- Internet Explorer vulnerability being used by hackers linked to the North Korean government.


The zero-day patch headlines a mega-patch release by Microsoft with fixes for 56 documented CVEs in multiple Windows OS frameworks and components, the widely deployed Office product line, and the Skype for Business and Windows Defender utilities.


Microsoft rates 11 of the 56 vulnerabilities as "critical," its highest severity rating. A total of 43 patched flaws are classified as "important" while two are rated "moderate."


The Microsoft patch drop adds to the workload of weary defenders struggling to keep up with the volume and pace of security updates from major vendors.


Earlier Tuesday, Adobe shipped fixes for multiple dangerous security holes, including a bug in the Adobe Reader that is being exploited in "limited targeted attacks" against Windows OS users.


A few days ago, ..
