Microsoft Patch Tuesday Fixes 79 CVEs, Including Exploited Windows Flaws
Microsoft released fixes for 79 vulnerabilities across 11 product families, including 7 Critical issues and multiple flaws already exploited or associated with exploited conditions. The most significant actively exploited bugs were CVE-2024-38014 in Windows Installer and CVE-2024-38217 in Windows Mark of the Web, while CVE-2024-43491 in the Windows Update servicing stack was highlighted as a high-severity risk for supported Windows 10 version 1507 LTSB and IoT Enterprise 2015 LTSB systems.
Windows accounted for 47 of the patched CVEs, with SQL Server receiving fixes for 13 vulnerabilities and SharePoint affected by several high-risk remote code execution flaws that Microsoft said were more likely to be exploited within 30 days. Microsoft also noted that Windows 11 24H2 is affected by 29 CVEs, including two already exploited in the wild, and the release referenced three Adobe vulnerabilities, including CVE-2024-41869, a critical Adobe Reader use-after-free flaw for which a workable exploit was already available.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Adobe Reader flaw CVE-2024-41869 noted with exploit available in the wild
The release referenced Adobe CVE-2024-41869, a critical Reader use-after-free vulnerability. Sophos reported that a workable exploit for the flaw was already available in the wild.
Microsoft says SharePoint RCE flaws are more likely to be exploited
The September 2024 Patch Tuesday release included several high-risk SharePoint remote code execution vulnerabilities that Microsoft assessed as more likely to be exploited within 30 days. This assessment elevated the urgency of patching those SharePoint issues.
Microsoft highlights severe Windows Update stack issue CVE-2024-43491
Microsoft's September 2024 release highlighted CVE-2024-43491, a high-severity Windows Update servicing stack vulnerability affecting supported Windows 10 version 1507 LTSB and IoT Enterprise 2015 LTSB systems. The issue was called out as one of the most notable flaws in the release.
Microsoft flags CVE-2024-38014 and CVE-2024-38217 as actively exploited
In the September 2024 Patch Tuesday release, Microsoft identified CVE-2024-38014 in Windows Installer and CVE-2024-38217 in Windows Mark of the Web as vulnerabilities already being exploited in the wild. The same release counted four issues as exploited or tied to exploited conditions.
Microsoft releases September 2024 Patch Tuesday fixes for 79 CVEs
Microsoft's September 2024 Patch Tuesday release addressed 79 vulnerabilities across 11 product families, including 7 rated Critical. The release also referenced three Adobe CVEs alongside the Microsoft fixes.
Sources
1 reference tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches 71 Flaws Including Exploited Windows CLFS Zero-Day
Microsoft released fixes for **71 CVEs** across 10 product families, including **17 Critical** and **54 Important** vulnerabilities, with the update heavily concentrated on Windows. The most severe issue was **`CVE-2024-49112`**, a **CVSS 9.8** remote code execution flaw in **LDAP** affecting supported Windows client and server versions back to **Windows Server 2008**, while multiple other patches addressed remote code execution risks in **Remote Desktop Services** and additional Windows components. Microsoft also fixed an **actively exploited zero-day**, **`CVE-2024-49138`**, in the **Windows Common Log File System Driver (CLFS)**, and identified six more vulnerabilities as more likely to be exploited within 30 days. Those higher-risk issues affected **SharePoint, MSMQ, ReFS, and several Windows drivers**, underscoring broad exposure across enterprise environments; Sophos said protections were available for five of the patched vulnerabilities, and noted Microsoft patched **1,015 CVEs** through Patch Tuesday during 2024, the company’s highest annual total since 2020.
Jan 1, 2026
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug
Microsoft released fixes for **163 CVEs** across 17 product families, including **8 Critical** vulnerabilities, **1 publicly disclosed** flaw, and **1 vulnerability under active exploitation**. The exploited issue, `CVE-2026-32201`, is a **Microsoft SharePoint Server spoofing vulnerability** that can let an unauthenticated attacker impersonate a user and read or modify certain data. Microsoft also patched `CVE-2026-33825`, a **publicly disclosed Microsoft Defender elevation-of-privilege flaw** that affects systems only when Defender is enabled; the company said customers using Defender automatic updates are remediated automatically. Among the most severe issues, Microsoft highlighted `CVE-2026-33824`, a **Critical Windows Internet Key Exchange (IKE) Service Extensions remote code execution vulnerability** with a **CVSS 9.8**, and advised defenders to restrict **UDP ports 500 and 4500** until patching is complete. Elevation-of-privilege bugs made up the largest share of the release with **94 CVEs**, while **Windows** accounted for **131** of the patched vulnerabilities. Microsoft said **24 flaws** were more likely to be exploited within 30 days, **18** carried CVSS scores of **8.0 or higher**, and the release also included **80 Edge-related advisories**, most inherited from Chrome.
May 25, 2026
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug and Defender Zero-Day
Microsoft released fixes for **163 vulnerabilities** in its April Patch Tuesday update, marking one of its largest security releases on record. The bundle includes **8 Critical** flaws, **154 Important** issues, and **1 Moderate** bug, with seven of the Critical vulnerabilities enabling remote code execution across products and components including **Windows TCP/IP**, **Windows IKE Service Extensions**, **Active Directory**, **Remote Desktop Client**, **Microsoft Office**, and **Microsoft Word**. Belgian authorities urged organizations to apply the updates immediately. The most urgent issues include **`CVE-2026-32201`**, an actively exploited **Microsoft SharePoint Server** vulnerability that was added to CISA’s Known Exploited Vulnerabilities catalog, and **`CVE-2026-33825`** in **Microsoft Defender**, a publicly disclosed zero-day tied to proof-of-concept code associated with the **BlueHammer** exploit. Microsoft also shipped Windows 11 cumulative updates with security hardening changes, including safer handling of **`.rdp`** files and improved visibility into **Secure Boot** certificates, while the broader patch set addressed numerous elevation-of-privilege and security feature bypass flaws that could support post-compromise escalation.
Apr 22, 2026