Tuesday was Microsoft’s Patch day: The Monthly Dance with Zero-Days

Ah, Patch Tuesday—Microsoft’s way of reminding us that no matter how much we love technology, it’s always ready to bite us. This August, they’ve treated us to 89 new security fixes, and just to keep things spicy, they’ve thrown in nine zero-day vulnerabilities. If you’re thinking, “What’s a zero-day?”—it’s basically the software equivalent of finding out your parachute has a hole in it after you’ve jumped out of the plane. Oh, and six of those were actively exploited. Cheers to that.

In case you’re keeping score at home, here’s the breakdown:

• 36 Elevation of Privilege Vulnerabilities: Because who doesn’t want attackers to run your computer with full admin rights?
• 28 Remote Code Execution Vulnerabilities: Why stop at just controlling your system when you can also run whatever malicious code you want?
• 7 Spoofing Vulnerabilities: Perfect for those who enjoy pretending to be someone else.
• And more... because why settle for less?

Let’s highlight a couple of the stars of this month’s show:

1. CVE-2024-38178: A scripting engine vulnerability that lets attackers execute code remotely. All you have to do is click on a suspicious link in Microsoft Edge using Internet Explorer mode. Why are you even using that mode? Don’t answer that.
2. CVE-2024-38193: An elevation of privilege flaw in the Windows Ancillary Function Driver for WinSock. Translation: If someone exploits this, they can get system-level access. Yikes.
3. CVE-2024-38213: A bypass of the Windows Mark of the Web security feature. This one’s been popular with phishing scams. Because why not?

And let’s not forget the vulnerabilities that Microsoft hasn’t fixed yet. But don’t worry, they’re working on it! In the meantime, try not to click on anything, okay?

Recommended Fix:

Step 1: Update everything. Seriously, go do it right now. Those updates you’ve been putting off are what stand between you and a very bad day.

Step 2: Stop clicking on shady links. If you don’t know where it came from, don’t click on it. No, your Amazon account hasn’t been suspended, and no, you don’t need to verify your bank account info via email.

Step 3: Consider using a managed service provider (like, say, Crosslin Technologies) to handle all these pesky updates and security patches for you. Let us stress about zero-days so you don’t have to.

At Crosslin Technologies, we get it—keeping up with all these security patches and vulnerabilities is a full-time job. Luckily, it’s our job. Whether it’s managing your updates, securing your systems, or just making sure you don’t accidentally download something that’ll ruin your week, we’re here to help. So, how about you let us handle the tech stuff, and you focus on what you do best?

Like what you read? Don’t keep it to yourself—share this newsletter with friends, family, or that one coworker who always forgets to update their software. And don’t forget to subscribe for more snarky tech insights!