Microsoft has issued the latest Patch Tuesday round-up of Windows security fixes and this time it’s serious: 2 of 4 new zero-day bugs are being actively exploited.

It’s been another busy Patch Tuesday for system administrators, with Microsoft releasing updates for nearly 100 vulnerabilities, four of which are classed as zero-days. Microsoft classifies a zero-day flaw as a CVE that has been publicly disclosed or actively exploited before a patch is available.

Microsoft's November 2024 Patch Tuesday addressed 91 vulnerabilities. This includes four zero-days, two of which were actively exploited in attacks.

On Patch Tuesday, Windows systems will be updated with a flood of security fixes. In November, Windows patched four zero-day vulnerabilities, two of which have been exploited.

Microsoft patched 90 security flaws across the Windows ecosystem warns of zero-day exploitation and code execution risks.

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities.

The Patch Tuesday updates for November 2024 are here and you should get them as soon as possible otherwise your PC might be in danger.

The other two zero days being patched are CVE-2024-49040, a flaw in Exchange rated “important” that could allow an attacker to spoof the email address of a sender, and CVE-2024-49019, an elevation of privileges flaw in Active Directory (AD) which an attacker could use to gain the powers of a domain admin.