CISA warns of active exploitation of Microsoft zero-day vulnerabilities

Home/Exploitation, Microsoft, Security Advisory, Security Update, vulnerability, Zero Day Attack/CISA warns of active exploitation of Microsoft zero-day vulnerabilities

CISA warns of active exploitation of Microsoft zero-day vulnerabilities

CISA warns of two critical Microsoft zero-day vulnerabilities, CVE-2024-43572 and CVE-2024-43573, actively exploited in the wild.

CVE-2024-43572

The first vulnerability, CVE-2024-43572, affects the Microsoft Windows Management Console, allowing attackers to remotely execute code on affected systems.

Although details about the vulnerability are limited, it poses a serious threat by allowing unauthorized access and control of compromised systems. It’s unclear if it has been used in ransomware attacks.

Recommended Actions:

Users should follow Microsoft’s mitigation instructions. If none are available, it’s advised to discontinue the affected product. The deadline to address this vulnerability is October 29, 2024.

CVE-2024-43573

The second vulnerability, CVE-2024-43573, affects the Microsoft Windows MSHTML Platform. This spoofing vulnerability can compromise confidentiality by tricking users into thinking they are using a legitimate interface or service. It’s also unclear if this vulnerability has been exploited in ransomware attacks.

Recommended Actions:

Users should follow Microsoft’s guidelines or stop using the affected software by October 29, 2024. CISA’s alert emphasizes the urgent need for immediate action by organizations and individuals using Microsoft Windows products.

Keeping systems updated and secure against these vulnerabilities is essential to prevent data breaches and system compromises.

‍Follow Us on: Twitter, InstagramFacebook to get the latest security news!

By | 2024-10-28T23:13:34+05:30 October 9th, 2024|Exploitation, Microsoft, Security Advisory, Security Update, vulnerability, Zero Day Attack|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!