Microsoft on Tuesday disclosed 56 vulnerabilities, including six critical ones and one moderate vulnerability that has been exploited.
The patches released address common vulnerabilities and exposures (CVEs) in: Microsoft Windows and Windows Components; Azure; Office and Office Components; SysInternals; Microsoft Edge (Chromium-based); SharePoint Server; and the .NET framework.
The one exploited CVE disclosed on Patch Tuesday impacts the Windows SmartScreen Security Feature. To exploit it, an attacker could craft a malicious file that would evade Mark of the Web (MOTW) defenses.
When you download a file from the internet, Windows adds the zone identifier, or MOTW, to the file.
That MOTW prompts Windows SmartScreen to conduct a reputation check.
However, this exploit results in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Also: Is Microsoft really going to cut off security updates for your 'unsupported' Windows 11 PC?
To exploit the vulnerability, the attacker would have to convince a user to visit a malicious website or click on a malicious attachment.
The six critical CVEs disclosed on Tuesday were all Remote Code Execution (RCE) vulnerabilities. They impact: Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central (On Premises), Microsoft SharePoint Server, PowerShell, and Windows Secure Socket Tunneling Protocol (SSTP).