Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including the QakBot trojan.

Microsoft’s updates addressed 61 vulnerabilities across its products, but only one was rated critical: a remote code execution flaw in SharePoint Server (CVE-2024-30044). However, successful exploitation of this flaw requires attackers to take additional steps in order to prepare the target environment.