Microsoft has issued an urgent alert about a critical code execution vulnerability in the Windows Management Console (MMC), identified as CVE-2024-43572. Attackers are actively exploiting this zero-day flaw, which poses significant risks to Windows systems.
Details of the Vulnerability
The vulnerability allows remote code execution through malicious Microsoft Saved Console (MSC) files, a method that attackers are currently leveraging to compromise targeted systems. With a CVSS severity score of 7.8 out of 10, this issue is part of a larger Patch Tuesday rollout that addresses at least 119 vulnerabilities across the Windows ecosystem.
Frequency of Zero-Day Exploits
This incident marks the 23rd time this year that Microsoft has responded to zero-day exploitation before releasing patches. The company has not provided indicators of compromise (IOCs) or telemetry data to help defenders identify potential infections.
Additional Vulnerabilities Addressed
In addition to CVE-2024-43572, Microsoft has identified several other critical vulnerabilities that organizations must address immediately. Notably, CVE-2024-43573 affects the Windows MSHTML platform and is currently being actively exploited. This vulnerability is particularly concerning because many applications, including the Internet Explorer mode in Microsoft Edge, widely use the MSHTML platform.
Attackers frequently target the MSHTML platform, making it a common vector for ransomware and advanced persistent threat (APT) groups. Exploiting these vulnerabilities can lead to significant risks, including data breaches and system compromises. As a result, organizations must prioritize patching these vulnerabilities and implementing robust security measures to protect their systems from potential attacks.
Focus on Remote Code Execution Bugs
Microsoft has urged users to prioritize fixes for several remote code execution vulnerabilities, including those in the Microsoft Configuration Manager (CVE-2024-43468) and the Remote Desktop Protocol Server (CVE-2024-43582). The October patch batch also addresses a Winlogon privilege escalation flaw (CVE-2024-43583), a Windows Hyper-V security feature bypass (CVE-2024-20659), and a code execution issue in the Windows cURL implementation.
Check out more articles related to cyber security