Every second Tuesday of the month, Microsoft releases a bundle of fixes for Windows. This Tuesday brings four zero-day vulnerabilities, two high-criticality vulnerabilities, and some sister patches from Adobe. On Patch Tuesday, which Microsoft calls “Update Tuesday,” other large software companies like Adobe release major security fixes. It’s a time to launch updates across corporate networks, and it occurs during mid-morning Pacific Standard Time to keep admins and users from having to scramble at the beginning of the week or the following day. Patch Tuesday is a useful reminder for admins to ensure their Microsoft security updates are up to date. Attackers exploited four zero-day vulnerabilities The four vulnerabilities attackers have already taken advantage of are: CVE-2024-43491: a flaw in Servicing Stack in Windows 10, version 1507 that opens up Optional Components to vulnerabilities previously thought to be mitigated. Later versions of Windows 10 are not affected. The September 2024 Servicing stack update and the September 2024 Windows security update address this flaw. CVE-2024-38226: a bypass vulnerability in Microsoft Publisher. CVE-2024-38217: a technique by which …