Security News > 2024 > October > Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console (MMC). About CVE-2024-43573 and CVE-2024-43572 As far as it can be deduced from the accompanying advisory, CVE-2024-43573 is similar to CVE-2024-38112, a vulnerability in MSHTML, a browser engine for the now deprecated Internet Explorer, which has … More → The post Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
Related news
- Microsoft fixes actively exploited Windows CLFS zero-day (CVE-2025-29824) (source)
- Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) (source)
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- DslogdRAT Malware Deployed via Ivanti ICS Zero-Day CVE-2025-0282 in Japan Attacks (source)
- Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach (source)
- Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-08 | CVE-2024-43573 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 8.1 |
| 2024-10-08 | CVE-2024-43572 | Unspecified vulnerability in Microsoft products Microsoft Management Console Remote Code Execution Vulnerability | 7.8 |
| 2024-07-09 | CVE-2024-38112 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 0.0 |