Microsoft has officially acknowledged the existence of exploits that circumvent its security measures, spotlighting the urgency during its Patch Tuesday event, which introduced an extensive array of updates aimed at enhancing security. On this occasion, Microsoft brought attention to three specific vulnerabilities that are currently being exploited through malware attacks. The tech giant highlighted a comprehensive list of 72 security flaws within the Windows environment, cautioning users about the potential for remote code execution, bypass of security features, disclosure of sensitive information, and escalation of privileges.

Among the critical vulnerabilities, CVE-2021-43890 was singled out, a bug from 2021, with Microsoft’s security team reporting known attempts to exploit this flaw using malicious packages linked to the Emotet/Trickbot/Bazaloader malware families. Microsoft’s Threat Intelligence has observed a surge in threat actors employing social engineering and phishing to compromise Windows OS users, leading to the deactivation of the ms-appinstaller protocol as a default security measure.

Microsoft also emphasized the significance of two vulnerabilities, CVE-2024-21412 and CVE-2024-21351, which have been exploited in malware campaigns, urging Windows administrators to take these threats seriously. Additionally, an update was released to address a remote code execution vulnerability in Microsoft Office (CVE-2024-21413), which could be exploited through the software’s Preview Pane. This flaw, with a high severity rating of 9.8, could potentially allow attackers to circumvent the Office Protected View and manipulate documents in editing mode instead of the intended protected mode.

In a related development, Adobe issued patches for at least 30 security vulnerabilities across various products, highlighting the risk of unpatched systems to code execution, security feature bypass, and denial-of-service attacks. The updates covered critical issues in Adobe Acrobat and Reader for both Windows and macOS users, with potential consequences including arbitrary code execution, application crashes, and memory leaks. Adobe also drew attention to urgent updates for Adobe Commerce and noted risks associated with Adobe Substance 3D Painter, Adobe FrameMaker Publishing Server, Adobe Audition, and Adobe Substance 3D Designer, although no active exploits have been detected for the vulnerabilities addressed in its February patch collection.