Security News > 2024 > October > Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC). About CVE-2024-43573 and CVE-2024-43572 As far as it can be deduced from the accompanying advisory, CVE-2024-43573 is similar to CVE-2024-38112, a vulnerability in MSHTML, a browser engine for the now deprecated Internet Explorer, which has … More → The post Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
Related news
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-08 | CVE-2024-43573 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 8.1 |
2024-10-08 | CVE-2024-43572 | Unspecified vulnerability in Microsoft products Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
2024-07-09 | CVE-2024-38112 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 0.0 |