
Microsoft Fixes 59 Flaws, 6 Already Under Attack

Summary

– Microsoft released patches for 59 security flaws, including six vulnerabilities that are already being actively exploited.
– The six exploited vulnerabilities allow attackers to bypass security features, escalate privileges, or cause denial-of-service on Windows systems.
– The U.S. cybersecurity agency CISA has added these six flaws to its catalog, requiring federal agencies to apply fixes by March 2026.
– Microsoft is also rolling out new Secure Boot certificates to replace expiring ones, warning that systems without them will enter a degraded security state.
– The company announced two new security initiatives, Windows Baseline Security Mode and User Transparency and Consent, to strengthen default protections.

Microsoft has released a comprehensive set of security patches this month, addressing a total of 59 vulnerabilities across its software ecosystem. Among these, six flaws are confirmed to be under active exploitation by attackers, elevating the urgency for organizations to apply these updates promptly. The fixes cover a wide range of products and services, aiming to bolster defenses against potential breaches.

The severity breakdown of the patched issues includes five rated as Critical, 52 as Important, and two as Moderate. The most common type of vulnerability addressed is privilege escalation, accounting for 25 of the fixes. Other categories include remote code execution, spoofing, information disclosure, and denial-of-service. These patches are in addition to three other flaws recently resolved in the Microsoft Edge browser.

The six exploited vulnerabilities demand immediate attention. They include security feature bypass issues in Windows Shell and the MSHTML Framework, a similar bypass in Microsoft Office Word, and local privilege escalation flaws in the Desktop Window Manager and Windows Remote Desktop. A denial-of-service vulnerability in the Windows Remote Access Connection Manager rounds out the list. The U.S. Cybersecurity and Infrastructure Security Agency has added all six to its catalog of known exploited vulnerabilities, mandating federal agencies to patch them by early March.

Security researchers note that several of these bypass vulnerabilities share similarities, with the primary difference being the attack vector, whether through a malicious HTML file or a crafted Office document. The local privilege escalation flaws are particularly dangerous as they allow an attacker who has already gained a foothold on a system to elevate their access to the highest level, potentially disabling security tools, deploying more malware, or stealing credentials for a wider network compromise.

Alongside these critical fixes, Microsoft is implementing broader security enhancements. The company is rolling out updated Secure Boot certificates to replace expiring ones from 2011. Systems that do not receive the new certificates will enter a degraded security state, unable to receive future boot-level protections and potentially facing compatibility issues with new software.
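A practitioner reading the paragraph above will want to know whether a given machine has already received the replacement certificates. The following PowerShell script is an added example, not code from the article or from Microsoft; it reads the UEFI Secure Boot db and KEK variables and reports which Microsoft certificate authorities are present. The certificate subject strings (the 2011 CAs and their 2023 replacements) and the Windows Update servicing registry value it inspects are assumptions drawn from Microsoft's Secure Boot servicing documentation, not from this page, so adjust them if your environment's documentation differs. Run it from an elevated prompt on a UEFI system.

```powershell
# Added example (not from the article): report whether this machine's Secure Boot
# allow-list (db) and key-exchange list (KEK) still hold only the 2011 Microsoft CAs
# or already carry the 2023 replacements. Requires an elevated PowerShell session.
# Certificate names and the registry value are assumptions based on Microsoft's
# published Secure Boot servicing guidance, not values taken from the article.

function Get-SecureBootCAStatus {
    # Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat an error as "off".
    try { $enabled = Confirm-SecureBootUEFI } catch { $enabled = $false }
    if (-not $enabled) {
        throw "Secure Boot is not enabled, or this is not a UEFI system."
    }

    # db and KEK are EFI_SIGNATURE_LIST blobs containing DER-encoded X.509 certificates.
    # Subject names inside DER are plain ASCII, so a substring search is sufficient
    # to tell which CAs are enrolled without parsing the full structure.
    $dbText  = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
    $kekText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name KEK).Bytes)

    # Assumed subject names of the 2023 replacement CAs (db entries plus the new KEK).
    $replacement = [ordered]@{
        'Windows UEFI CA 2023'                 = $dbText
        'Microsoft UEFI CA 2023'               = $dbText
        'Microsoft Option ROM UEFI CA 2023'    = $dbText
        'Microsoft Corporation KEK 2K CA 2023' = $kekText
    }
    # Assumed subject names of the expiring 2011 CAs the article refers to.
    $legacy = [ordered]@{
        'Microsoft Windows Production PCA 2011' = $dbText
        'Microsoft Corporation UEFI CA 2011'    = $dbText
        'Microsoft Corporation KEK CA 2011'     = $kekText
    }

    $report = [ordered]@{}
    foreach ($name in $replacement.Keys) { $report[$name] = $replacement[$name].Contains($name) }
    foreach ($name in $legacy.Keys)      { $report[$name] = $legacy[$name].Contains($name) }

    # Windows Update records rollout progress for the new CAs under this key
    # (assumed location and value name; absent where servicing has not started).
    $servicingKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing'
    $status = (Get-ItemProperty -Path $servicingKey -ErrorAction SilentlyContinue).UEFICA2023Status
    $report['UEFICA2023Status (registry)'] = if ($status) { $status } else { 'not present' }

    $present = @($replacement.Keys | Where-Object { $report[$_] }).Count
    $report['Verdict'] = if ($present -eq $replacement.Count) {
        'All 2023 CAs enrolled: machine will keep receiving boot-level protections.'
    } elseif ($present -gt 0) {
        'Partial rollout: some 2023 CAs missing; check firmware/OEM guidance before the 2011 CAs expire.'
    } else {
        'Only 2011 CAs found: expect the degraded Secure Boot state described above once they expire.'
    }
    return [pscustomobject]$report
}

Get-SecureBootCAStatus | Format-List
```

The string search is deliberately coarse: it tells you which CAs are enrolled, not whether the boot manager on disk has been re-signed with the new CA, so treat a "partial rollout" verdict as a prompt to consult the vendor's servicing status rather than as a final answer.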

Furthermore, Microsoft is advancing two key security initiatives. Windows Baseline Security Mode will enable runtime integrity safeguards by default, ensuring only properly signed applications and drivers can execute. The User Transparency and Consent framework introduces a system, similar to Apple’s approach, that prompts users when applications attempt to access sensitive resources like files, cameras, or microphones. This provides clearer visibility and control over software behavior for both individual users and IT administrators.

(Source: The Hacker News)
