Microsoft has issued its monthly batch of security updates designed to address more than 60 vulnerabilities across the company’s products.
While this month’s Patch Tuesday release doesn’t cover any actively exploited bugs, it contains fixes for a number of high-risk flaws that could lead to remote code execution or privilege escalation.
The list of the most noteworthy issues includes:
CVE-2024-21407 - Microsoft Windows Hyper-V remote code execution vulnerability.
The vulnerability exists due to insufficient validation of user-supplied input in Windows Hyper-V. A remote attacker can send specially crafted file operation requests and execute arbitrary code on the target system. The flaw affects Windows versions 10 - 11 23H2 and Windows Server versions 2012 - 2022 23H2.
CVE-2024-21400 - Microsoft Azure Kubernetes Service Confidential Container elevation of privilege vulnerability.
The vulnerability exists because the application does not properly impose security restrictions in the Microsoft Azure Kubernetes Service Confidential Container, which leads to security restriction bypass and privilege escalation. All versions of Azure Kubernetes Service Confidential Container are impacted.
CVE-2024-21390 - Microsoft Authenticator privilege escalation vulnerability.
The vulnerability exists because the application does not properly impose security restrictions in the Microsoft Authenticator, which leads to security restriction bypass and privilege escalation. The bug affects all versions of Microsoft Authenticator.
CVE-2024-21411 - Skype for Consumer remote code execution vulnerability.
The vulnerability exists due to insufficient validation of user-supplied input in Skype for Consumer. A remote attacker can trick a victim into clicking a specially crafted link or image and execute arbitrary code on the target system. All versions of Skype for Consumer are impacted.
In addition to the above, Microsoft patched a slew of high-severity security issues affecting Microsoft Windows OLE, Microsoft Open Management Infrastructure (OMI), Microsoft WDAC OLE DB provider for SQL Server, Microsoft SharePoint Server, Microsoft ODBC Driver, and Microsoft Exchange Server.