## Windows Update Hit by Zero-Day Attacks, Putting Users at Risk

Wed Sep 11 09:22:10 UTC 2024

**San Francisco, CA –** A new wave of zero-day vulnerabilities has been discovered in the latest Windows security update, putting users at risk. These vulnerabilities, which allow attackers to bypass critical security features, have been actively exploited and could lead to ransomware attacks.

One vulnerability, CVE-2024-38217, affects a security function known as Mark of the Web (MoTW), which warns users about potential risks when opening files from unknown sources. This vulnerability allows attackers to manipulate these warnings, potentially tricking users into opening malicious files.

Another vulnerability, CVE-2024-38226, affects Microsoft Publisher and allows attackers to bypass security features that block macros from running.

Security experts are urging organizations to prioritize patching these vulnerabilities, as they pose a serious threat. “These vulnerabilities are particularly concerning because they allow attackers to bypass key security features, making them more difficult to detect and prevent,” said Satnam Narang, senior staff research engineer at Tenable.

Microsoft has released a security update addressing these vulnerabilities, and users are advised to install it as soon as possible. Additionally, users should be cautious about opening files from unknown sources and be aware of the potential risks associated with malicious files.

“This situation highlights the importance of staying up-to-date on security patches and being aware of the latest threats,” Narang concluded. “By taking these precautions, users can help protect themselves from these vulnerabilities and ensure their systems remain secure.”
