Hi everyone,

Microsoft has released its latest round of security updates today as part of Patch Tuesday, addressing 137 security vulnerabilities across Windows, Microsoft Office, Azure, and other services. The good news is that none of these are currently being exploited, but several are rated as likely to be targeted soon, so timely updates are important.

For more details, you can read the full report here: https://www.securityweek.com/microsoft-patches-137-vulnerabilities/

What's Being Fixed

• Microsoft Word & Office – Several vulnerabilities that could allow an attacker to run harmful code on your computer simply by previewing a malicious document in Outlook — you wouldn't even need to open it. Over two dozen Office-related issues were resolved.
• Windows Remote Desktop & Kernel – Fixes that prevent attackers from gaining elevated access to your system, which could allow them to take control of your device.
• Windows DNS & Netlogon – Fixes for flaws in how Windows handles network communication and authentication, which could have allowed attackers to run code remotely.
• Windows Hyper-V – A fix for virtualization environments to prevent unauthorized access between virtual machines.
• Azure & Cloud Services – Security improvements for Azure Logic Apps, Azure AI Foundry, and other cloud components.
• Microsoft SSO Plugin  – A critical fix for an authentication flaw that could allow someone to gain higher-level access than they should have.
• Windows GDI – A fix for a flaw that could be triggered by opening a malicious image file in Microsoft Paint.

What You Need to Do

These updates are being deployed automatically via Endpoint Central. When the updates are ready, you will be prompted to reboot your device. Please proceed with the reboot when prompted — this is required to complete the installation and keep your device protected.

If you run into any issues or see repeated prompts, contact the ACORD Helpdesk at helpdesk@acord.org.