Security News > 2024 > October > Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC). About CVE-2024-43573 and CVE-2024-43572 As far as it can be deduced from the accompanying advisory, CVE-2024-43573 is similar to CVE-2024-38112, a vulnerability in MSHTML, a browser engine for the now deprecated Internet Explorer, which has … More → The post Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
Related news
- Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group (source)
- New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971) (source)
- Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-08 | CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability | 6.5 |
| 2024-10-08 | CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
| 2024-07-09 | CVE-2024-38112 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 7.5 |