Microsoft offers updates on 117 vulnerabilities on Patch Tuesday
Microsoft on Tuesday shared security updates on 117 common vulnerabilities and exposures, including two that are being actively exploited, according to the company.
The actively exploited vulnerabilities relate to the Microsoft Management Console (CVE-2024-43572) and the Windows MSHTML Platform (CVE-2024-43573), the company said.
The list includes five publicly disclosed zero-days in total, as part of 28 elevation-of-privilege vulnerabilities, seven security feature bypasses, 43 remote code execution vulnerabilities, six information disclosure vulnerabilities, 26 denial-of-service vulnerabilities and seven spoofing vulnerabilities, according to Bleeping Computer.
The MSHTML vulnerability exploits an issue with the Internet Explorer web browser, making it the fourth such MSHTML vulnerability to be exploited in the wild in 2024, Brian Krebs reported Tuesday. Security Week reported that the MSHTML platform has been widely targeted by ransomware and advanced nation-state hacking teams.
The Microsoft Management Console vulnerability allows attackers who leverage malicious Microsoft Saved Console (MSC) files to execute remote code on targeted systems, according to Security Week.