CISA warns of two critical Microsoft zero-day vulnerabilities, CVE-2024-43572 and CVE-2024-43573, actively exploited in the wild.
CVE-2024-43572
The first vulnerability, CVE-2024-43572, affects the Microsoft Windows Management Console, allowing attackers to remotely execute code on affected systems.
Although details about the vulnerability are limited, it poses a serious threat by allowing unauthorized access and control of compromised systems. It’s unclear if it has been used in ransomware attacks.
Recommended Actions:
Users should follow Microsoft’s mitigation instructions. If no mitigations are available, users are advised to discontinue use of the affected product. The deadline to address this vulnerability is October 29, 2024.
CVE-2024-43573
The second vulnerability, CVE-2024-43573, affects the Microsoft Windows MSHTML Platform. This spoofing vulnerability can compromise confidentiality by tricking users into thinking they are using a legitimate interface or service. It’s also unclear if this vulnerability has been exploited in ransomware attacks.
Recommended Actions:
Users should follow Microsoft’s guidelines or stop using the affected software by October 29, 2024. CISA’s alert emphasizes the urgent need for immediate action by organizations and individuals using Microsoft Windows products.
Keeping systems updated and secure against these vulnerabilities is essential to prevent data breaches and system compromises.