This month’s patches are oddly “light”. We have patches for 60 vulnerabilities and 4 Chromium patches affecting Microsoft Edge. But only two of the vulnerabilities are rated as “Critical”:
CVE-2024-21408: Windows Hyper-V Denial of Service Vulnerability CVE-2024-21407: Windows Hyper-V Remote Code Execution Vulnerability
Oddly, Microsoft considers a DoS vulnerability “critical”. However, a DoS against Hyper-V could have a significant impact, which may justify the rating. The code execution vulnerability justifies a rating of critical. However, exploitation requires an attacker to first gain a foothold inside a virtual machine.
Other vulnerabilities of interest:
CVE-2024-26198: A remote code execution vulnerability for Exchange Server. This is a DLL loading issue that is typically more difficult to exploit. Authentication is required to exploit the vulnerability.
Overall, this Patch Tuesday doesn’t look too bad. Follow your normal patch management process. There is no need to get all worked up; tomorrow morning: Have some coffee, test… and later deploy once the tests are completed successfully.