Microsoft Releases Security Update Addressing 118 Flaws, Two Currently Being Exploited

Oct 09, 2024Ravie LakshmananVulnerability / Zero-Day

Microsoft has rolled out security patches to address a total of 118 vulnerabilities across its array of software products, with two of them currently being exploited in real-world scenarios.

Out of the 118 flaws, three carry a Critical rating, while 113 are marked as Important, and two have been classified as Moderate in terms of severity. The Patch Tuesday update excludes the 25 additional vulnerabilities that were recently addressed in Microsoft’s Chromium-based Edge browser.

At the time of release, five vulnerabilities were already publicly known, with two of them actively being exploited as zero-day vulnerabilities:

• CVE-2024-43572 (CVSS score: 7.8) – Microsoft Management Console Remote Code Execution Vulnerability (Exploitation detected)
• CVE-2024-43573 (CVSS score: 6.5) – Windows MSHTML Platform Spoofing Vulnerability (Exploitation Detected)
• CVE-2024-43583 (CVSS score: 7.8) – Winlogon Elevation of Privilege Vulnerability
• CVE-2024-20659 (CVSS score: 7.1) – Windows Hyper-V Security Feature Bypass Vulnerability
• CVE-2024-6197 (CVSS score: 8.8) – Open Source Curl Remote Code Execution Vulnerability (non-Microsoft CVE)

It is pertinent to note that CVE-2024-43573 shares similarities with CVE-2024-38112 and CVE-2024-43461, two other MSHTML spoofing vulnerabilities that were previously exploited by the Void Banshee threat actor to distribute the Atlantida Stealer malware before July 2024.

 and LinkedIn to read more exclusive content we post.