Microsoft's latest Patch Tuesday update addressed 89 security vulnerabilities across its software, including four zero-day flaws, two of which are actively exploited. CVE-2024-43451 (NTLM Hash Disclosure) and CVE-2024-49039 (Windows Task Scheduler Privilege Escalation) pose significant risks, allowing remote attacks and privilege elevation, respectively. The remaining zero-days—CVE-2024-49040 (Exchange Server Spoofing) and CVE-2024-49019 (Active Directory Elevation of Privilege)—have been disclosed but not exploited. The update also includes critical patches for vulnerabilities in Windows Kerberos, Hyper-V, .NET, Visual Studio, and Azure CycleCloud. Microsoft urges immediate patching to safeguard against these threats. Other notable updates this month include patches for Citrix, SAP, Epson, and Cisco products.