Microsoft and Adobe have collectively fixed 161 security vulnerabilities impacting their respective products as part of this month's Patch Tuesday, SC Media reports.
Addressed by Microsoft were 90 new flaws, including nine zero-days, six of which have already been leveraged in attacks. Aside from one medium-severity bug, threat actors have already exploited five high-severity flaws — including a privilege escalation issues in Windows Kernel, Window Power Dependency Coordinator, Windows Ancillary Function Driver, tracked as CVE-2024-38106, CVE-2024-38107, and CVE-2024-38193, respectively — as well as a memory corruption flaw in the Scripting Engine, tracked as CVE-2024-38178, and a remote code execution issue in Microsoft Project, tracked as CVE-2024-38189, according to Trend Micro's Zero Day Initiative.
Patches were also provided for 11 other critical vulnerabilities. On the other hand, more than 70 CVEs were addressed by Adobe, most of which concerned its Adobe Commerce offering, which was riddled with critical code execution flaws. Several code execution issues were also resolved in InDesign, noted ZDI.
