https://techmonitor.ai/technology/cybersecurity/microsoft-software-vulnerabilities

Microsoft has issued patches for 61 newly-discovered security vulnerabilities in its software. The fixes, which arrived as part of its Patch Tuesday package of updates, also included resolutions for two zero-day exploits. Of the others, 59 are rated as ‘Important,’ while those rated ‘Critical’ and ‘Moderate’ number one each. This follows updates being issued for 30 vulnerabilities in Microsoft’s Edge browser over the previous month. 

One of the zero-day vulnerabilities identified, named CVE-2024-30051, could allow attackers to gain system privileges. The flaw was discovered by Kaspersky researchers Mert Degirmenci and Boris Larin inside a file uploaded to VirusTotal in April. “After sending our findings to Microsoft, we began to closely monitor our statistics in search of exploits and attacks that exploit this zero-day vulnerability, and in mid-April, we discovered an exploit,” the pair wrote. “We have seen it used together with QakBot and other malware, and believe that multiple threat actors have access to it.”