The more notable of the newly added vulnerabilities is the medium-severity operating system command injection flaw in BeyondTrust PRA and RS, tracked as CVE-2024-12686, which has been leveraged by Chinese state-sponsored threat actors alongside the CVE-2024-12686 flaw to compromise the U.S. Treasury Department.
Aside from enabling rootkit installation, exploiting the flaw could also result in persistent, unremovable malware and in the bypass of Transparency, Consent, and Control (TCC) security checks, an analysis from Microsoft showed.