Microsoft has issued fixes for a slew of CVEs—90 in total—including 10 zero-day vulnerabilities, some of which are being actively exploited.

Microsoft releases patches on second Tuesday of the month, in what is commonly called “Patch Tuesday.” Yesterday’s fixes addressed some 90 issues, including zero-day flaws. Of the 10 zero-days, six of them are being actively exploited.

The issues being exploited include the following:

CVE-2024-38106 – 7.0 – Windows Kernel Elevation of Privilege Vulnerability
CVE-2024-38107 – 7.8 – Windows Power Dependency Coordinator Elevation of Privilege Vulnerability
CVE-2024-38178 – 7.5 – Scripting Engine Memory Corruption Vulnerability
CVE-2024-38189 – 8.8 – Microsoft Project Remote Code Execution Vulnerability
CVE-2024-38193 – 7.8 – Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2024-38213 – 6.5 – Windows Mark of the Web Security Feature Bypass Vulnerability

Organizations are urged to update immediately.