SecurityWeek reports that fixes have been issued by Microsoft for at least 60 security issues impacting several of its offerings as part of this month's Patch Tuesday, including the critical flaws affecting its HyperV native hypervisor, tracked as CVE-2024-21407 and CVE-2024-21408.
Authenticated attackers with environment-specific information could leverage the HyperV vulnerabilities to facilitate code execution and denial-of-service attacks, according to Microsoft. Another critical vulnerability addressed in this month's updates is an Open Management Infrastructure bug, tracked as CVE-2024-21334. Microsoft has also patched several Microsoft Exchange Server and Azure Kubernetes code execution flaws that could be exploited to enable credential theft and compromise resources not protected by the Azure Kubernetes Service Confidential Containers. Such patches come amid a significant amount of fixes released by Adobe to address several critical bugs, including code execution vulnerabilities impacting its Premiere Pro, ColdFusion, LightRoom, and Bridge offerings. Both vendors noted that none of the addressed flaws are being actively exploited.