This flaw is currently being actively used by attackers who use Microsoft Registered Console (MSC) files to remotely execute code on “target Windows systems.”
The vulnerability has a CVSS score of 7.8 out of 10 and was fixed in a recent update that addresses at least 119 more documented vulnerabilities in the Windows ecosystem. This is the 23rd time this year that Microsoft has had to respond to a zero-day vulnerability that was exploited before a patch was released.
In addition to CVE-2024-43 572, Microsoft has detected another vulnerability requiring “urgent attention” in the MSHTML platform, which is often the target of hacker groups: CVE-2024-43 573.
The October “update cycle” also includes critical fixes for issues in Visual Studio Code, Hyper-V, and Winlogon, as well as several urgent updates from Adobe.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
