"Microsoft on Tuesday released patches for 138 security vulnerabilities spanning its product portfolio, although none of them have been listed as publicly known or under active attack. Of the 138 flaws, 30 are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low in severity."
"As many as 61 vulnerabilities are classified as privilege escalation bugs, followed by 32 remote code execution, 15 information disclosure, 14 spoofing, eight denial-of-service, six security feature bypass, and two tampering flaws. The update list also includes a vulnerability that was patched by AMD ( CVE-2025-54518, CVSS score: 7.3) this month."
"One of the most severe vulnerabilities patched by Redmond is CVE-2026-41096 (CVSS score: 9.8), a heap-based buffer overflow flaw impacting Windows DNS that could allow an unauthorized attacker to execute code over a network. "An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory," Microsoft said."
""In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication." Also fixed by Microsoft are several Critical- and Important-rated flaws - CVE-2026-33109 (CVSS score: 9.9) - An improper access control in Azure Managed Instance for Apache Cassandra that allows an authorized attacker to execute code over a network. (Requires no customer action)"
Microsoft released patches for 138 security vulnerabilities across its product portfolio. Thirty vulnerabilities are rated Critical, 104 are rated Important, three are rated Moderate, and one is rated Low. The flaws include 61 privilege escalation issues, 32 remote code execution issues, 15 information disclosure issues, 14 spoofing issues, eight denial-of-service issues, six security feature bypass issues, and two tampering issues. The update list includes an AMD-patched CPU cache isolation issue affecting Zen 2-based products that could enable privilege escalation. Microsoft also patched a heap-based buffer overflow in Windows DNS, CVE-2026-41096, which could allow remote code execution via a crafted DNS response. Additional critical issues include improper access control in Azure Managed Instance for Apache Cassandra and other high-severity code injection vulnerabilities.
#microsoft-security-updates #windows-dns #azure-managed-instance #privilege-escalation #remote-code-execution
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]