
Microsoft Confirms Exploited Zero-Day in Windows Management Console

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.

Microsoft issued an urgent warning on Tuesday about an actively exploited code execution vulnerability in a Windows component used for system configuration and monitoring.

The zero-day, tagged as CVE-2024-43572, is documented as a remote code execution issue in Microsoft Management Console (MMC), an oft-targeted component of the Windows operating system.

Redmond’s security response team warned that attackers are leveraging malicious Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. 

The flaw carries a CVSS severity score of 7.8/10 and headlines a hefty Patch Tuesday rollout covering at least 119 documented vulnerabilities across the Windows ecosystem.

As is customary, Microsoft did not share IOCs (indicators of compromise) or any other telemetry data to help defenders hunt for signs of infection.

This is the 23rd time this year that Microsoft has been forced to respond to zero-day exploitation prior to the availability of patches.
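Because no indicators were published, defenders are left with behavioural hunting. The following script is an added example, not code from SecurityWeek or Microsoft: it scans constructed, Sysmon-style process-creation records (JSON lines with `image`, `cmdline` and `parent_image` fields, a format assumed for illustration) and flags `mmc.exe` opening an `.msc` console file from anywhere other than the Windows system directories, annotating hits that were spawned by a mail client, browser or archiver or that sit in a download, attachment-cache or temp path. The directory and parent-process lists are assumptions to be tuned per environment; administrators who keep custom consoles in their profile will need those paths allow-listed.

```python
"""Hunt for mmc.exe loading .msc console files from user-writable locations.

Added example, not from the article or Microsoft. The JSON-lines log format
and every sample event below are constructed for illustration.
"""
import json
import re
from pathlib import PureWindowsPath

# Where Windows ships its own consoles (services.msc, compmgmt.msc, ...).
# Assumption: adjust if your environment stores approved custom consoles elsewhere.
TRUSTED_CONSOLE_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Parents that typically hand a freshly received file to its handler (assumption).
DELIVERY_PARENTS = {"outlook.exe", "explorer.exe", "chrome.exe", "msedge.exe",
                    "firefox.exe", "winrar.exe", "7zfm.exe"}

# Either a quoted path (may contain spaces) or a bare token ending in .msc.
MSC_ARG = re.compile(r'"([^"]+\.msc)"|(\S+\.msc)', re.IGNORECASE)


def extract_msc_path(cmdline):
    """Return the .msc path on an mmc.exe command line, or None if there is none."""
    m = MSC_ARG.search(cmdline)
    if not m:
        return None
    return m.group(1) or m.group(2)


def assess(event):
    """Return reasons this event looks like a delivered console file being opened.

    An empty list means the event is not flagged.
    """
    image = PureWindowsPath(event.get("image", "")).name.lower()
    if image != "mmc.exe":
        return []
    msc = extract_msc_path(event.get("cmdline", ""))
    if msc is None:
        return []  # mmc.exe started with no console file: nothing to judge
    lower = msc.lower()
    if lower.startswith(TRUSTED_CONSOLE_DIRS):
        return []  # built-in console from the Windows directory
    reasons = [f"console file outside Windows directories: {msc}"]
    parent = PureWindowsPath(event.get("parent_image", "")).name.lower()
    if parent in DELIVERY_PARENTS:
        reasons.append(f"opened via {parent}")
    if any(tag in lower for tag in ("\\downloads\\", "\\inetcache\\", "\\temp\\")):
        reasons.append("path is a download, attachment-cache or temp location")
    return reasons


def hunt(log_lines):
    """Parse JSON-lines process events; return (time, msc path, reasons) per hit."""
    hits = []
    for line in log_lines:
        ev = json.loads(line)
        reasons = assess(ev)
        if reasons:
            hits.append((ev.get("time"), extract_msc_path(ev["cmdline"]), reasons))
    return hits


# Constructed sample events: one benign built-in console, two suspicious ones,
# one mmc.exe with no console argument, and one unrelated process.
SAMPLE_EVENTS = [
    {"time": "2024-10-08T09:01:00Z", "image": "C:\\Windows\\System32\\mmc.exe",
     "cmdline": "\"C:\\Windows\\System32\\mmc.exe\" \"C:\\Windows\\System32\\services.msc\"",
     "parent_image": "C:\\Windows\\explorer.exe"},
    {"time": "2024-10-08T09:02:10Z", "image": "C:\\Windows\\System32\\mmc.exe",
     "cmdline": "\"C:\\Windows\\System32\\mmc.exe\" \"C:\\Users\\alice\\AppData\\Local\\"
                "Microsoft\\Windows\\INetCache\\Content.Outlook\\ABCD1234\\Invoice Q3.msc\"",
     "parent_image": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE"},
    {"time": "2024-10-08T09:03:00Z", "image": "C:\\Windows\\System32\\mmc.exe",
     "cmdline": "mmc.exe", "parent_image": "C:\\Windows\\explorer.exe"},
    {"time": "2024-10-08T09:04:30Z", "image": "C:\\Windows\\System32\\mmc.exe",
     "cmdline": "mmc.exe C:\\Users\\bob\\Downloads\\report.msc",
     "parent_image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"},
    {"time": "2024-10-08T09:05:00Z", "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\bob\\Downloads\\report.msc",
     "parent_image": "C:\\Windows\\explorer.exe"},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for when, path, why in hunt(SAMPLE_LOG):
        print(when, path, "|", "; ".join(why))
```

Run against the built-in sample it reports only the Outlook-cached and Chrome-downloaded consoles; the logic ports directly to a SIEM query over real process-creation telemetry (Sysmon Event ID 1 or Windows Security event 4688 with command-line auditing enabled).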

The October batch of patches also covers critical-severity flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol Server, and Microsoft Configuration Manager. All of these vulnerabilities are documented as "remote code execution" issues.

Microsoft also flagged CVE-2024-43573 for urgent attention, warning that a flaw in the Windows MSHTML platform is also in the “exploitation detected” category.

The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control and has been regularly targeted by ransomware and nation-state APT hacking teams.

The world’s largest software maker also urged Windows users to prioritize fixes for remote code execution bugs in the Microsoft Configuration Manager (CVE-2024-43468) and Remote Desktop Protocol Server (CVE-2024-43582) components.

The company also pushed out patches for several publicly known issues, including a Winlogon privilege escalation flaw (CVE-2024-43583), a Windows Hyper-V security feature bypass bug (CVE-2024-20659), and a code execution problem in the Windows cURL implementation.

Separately on Patch Tuesday, Adobe released urgent patches to fix security defects in multiple product lines and warned of code execution risks on Windows and macOS platforms.

The Adobe rollout includes a critical-severity bulletin documenting 25 vulnerabilities in Adobe Commerce that expose businesses to code execution, privilege escalation, and security feature bypass attacks. Two of the 25 vulnerabilities carry a CVSS severity score of 9.8/10.


Written By

Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs, and a regular speaker at security conferences around the world.
