On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.
In September’s Patch Tuesday crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which – the Windows MSHTML zero-day – has been under active attack for nearly two weeks.
One other bug is listed as publicly known but isn’t (yet) being exploited. Immersive Labs’ Kevin Breen, director of cyber threat research, observed that with only one CVE under active attack in the wild, it’s “quite a light Patch Tuesday” – at least on the surface, that is.
The flaws were found in Microsoft Windows and Windows components, Microsoft Edge (Chromium, iOS, and Android), Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS and the Windows ...
Copyright of this story solely belongs to threatpost.com . To see the full text click HERE