Microsoft has released patches for 33 affected products and a “defense in depth update” to counter the exploitation of remote code execution vulnerabilities impacting Windows and Office users. This action comes a month after Microsoft confirmed active exploitation of these vulnerabilities. The security updates address the attack chain leading to the Windows Search security feature bypass vulnerability (CVE-2023-36884), which was being abused by both Russian spies and cybercriminals. Microsoft urged users to install the newly available Office updates as well as the Windows updates from August 2023. Additionally, Adobe also released security updates to address vulnerabilities in its Acrobat and Reader software, with fixes for around 30 security defects affecting Windows and macOS installations.
Read more: https://www.securityweek.com/patch-tuesday-microsoft-finally-patches-exploited-office-zero-days/