Microsoft recently released patches for six actively exploited bugs, as well other vulnerabilities. “The flaws exist in Microsoft’s Project management software and various Windows products, from Windows Scripting Engine to the Windows Power Dependency Coordinator component responsible for managing system power usage,” reports Lindsey O’Donnell-Welch.

One of these bugs, a high-severity Microsoft Project vulnerability (CVE-2024-38189) affecting Microsoft 365 Apps for Enterprise, Microsoft Office 2019, and more, could enable remote code execution. To exploit the flaw, “an attacker would need to convince a target to open a malicious file, either via a phishing email or an attacker-controlled website,” O’Donnell-Welch says.

The company also addressed a remote code execution flaw affecting Windows TCP/IP (CVE-2024-38063).

Read more at Duo Decipher.