Understanding Zero-Day Vulnerabilities in Microsoft's October Update
Zero-Day Vulnerabilities Addressed in Microsoft October Update
Microsoft's October Patch Tuesday release addressed a total of 117 vulnerabilities, including two zero-days that are actively being exploited. The first, CVE-2024-43573, is a spoofing flaw in the Windows MSHTML component, which remains a critical concern despite the retirement of Internet Explorer.
Details on Active Exploits
CVE-2024-43573 poses a moderate threat with a CVSS score of 6.5, impacting Windows users, Microsoft 365, and Microsoft Office. Its spoofing nature allows attackers to conceal malicious files behind seemingly innocent extensions. This is a concerning trend, as it's the fourth significant exploit of MSHTML in recent months.
Significant Remote Code Exploit
The second flaw, CVE-2024-43572, is judged more severe with a CVSS score of 7.8. This remote code execution vulnerability in Microsoft Management Console (MMC) requires a user to open a malicious MSC file. This highlights ongoing challenges as it’s the second critical issue within MMC in two months.
For users, keeping software updated is essential to mitigate the risks posed by such exploits.
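Alongside patching, inbound file names can be screened for the two delivery traits described above: a file whose real type is hidden behind an innocent-looking extension, and an MSC file that a user must open. The following is an added example, not code from Microsoft or from this article. It does not detect either CVE itself, and the extension lists, reason labels and sample names are assumptions made for illustration.

```python
import re
import unicodedata

# Assumed policy lists for illustration; tune them to your own environment.
ACTIVE_EXT = {"exe", "scr", "hta", "js", "vbs", "lnk", "url", "msc"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}

def triage_filename(name):
    """Return the reasons a file name should be quarantined (empty list = pass)."""
    reasons = []
    # Unicode format controls (category Cf), such as bidi overrides, can
    # change how a name is displayed without changing what the file really is.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("format-control-char")
    cleaned = "".join(ch for ch in name
                      if unicodedata.category(ch) not in ("Cf", "Cc"))
    # Keep only the last path component; Windows ignores trailing dots/spaces.
    base = cleaned.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    # A long whitespace run can push the real extension out of view.
    if re.search(r"\s{3,}", base):
        reasons.append("padded-extension")
    exts = [part.strip().lower() for part in base.split(".")[1:]]
    final = exts[-1] if exts else ""
    if final == "msc":
        reasons.append("msc-file")  # MMC console file: hold for review
    if final in ACTIVE_EXT and any(e in DECOY_EXT for e in exts[:-1]):
        reasons.append("decoy-extension")
    return reasons

def triage_batch(names):
    """Map each flagged name to its reasons; clean names are omitted."""
    flagged = {}
    for name in names:
        reasons = triage_filename(name)
        if reasons:
            flagged[name] = reasons
    return flagged

# Constructed sample names (not taken from any real incident).
SAMPLES = [
    "Q3-report.docx",
    "network-audit.msc",
    "invoice.pdf.exe",
    "scan\u202efdp.exe",
    "statement.pdf      .hta",
    "release.v2.final.txt",
]

if __name__ == "__main__":
    for name, reasons in triage_batch(SAMPLES).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

A check like this belongs at the mail gateway or download proxy as a quarantine signal; it complements the October updates and does not replace them.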