Microsoft Corp. released software updates to fix 139 security vulnerabilities in Windows and other products, with two zero-day flaws already being exploited by attackers. These include CVE-2024-38080 affecting Windows 11 and Server 2022, allowing attackers to elevate privileges, and CVE-2024-38112 in Internet Explorer's engine, requiring an attack chain for exploitation. Another critical flaw, CVE-2024-38021 in Microsoft Office, could lead to NTLM hash disclosure. Morphisec disagrees with Microsoft's severity rating for this issue. Windows WiFi driver vulnerability from the previous month allowed installation of malicious software over a local network. Additionally, vulnerabilities in Windows Remote Desktop services (CVE-2024-38077, CVE-2024-38074, CVE-2024-38076) should be prioritized for patching. End of Support for SQL Server 2014 highlights the need for timely updates. Regularly monitoring security updates and backing up data before patches is recommended to ensure system security.