Microsoft Fixes Two Actively Exploited Bugs
Microsoft patched two actively exploited vulnerabilities as part of a pretty large October Patch Tuesday update, both of which affect a long list of Windows versions. One of the exploited bugs is only a platform-spoofing flaw, but the other can lead to remote code execution and would get an attacker system-level privileges, which is not what you want.
CVEs Involved: CVE-2024-43572 and CVE-2024-43573
Why It Matters: Both of these vulnerabilities have been exploited by attackers already, and they’re both in Windows components that attackers love to target. And now that the patches for the vulnerabilities are available, other attackers will be able to reverse-engineer them and tease out the details of the bugs and develop exploits.
Key Details:
CVE-2024-43572 is the more serious of the two exploited vulnerabilities and can be used to gain remote code execution. It affects many versions of Windows and Windows Server, and it’s in the Microsoft Management Console, a Windows component that attackers target fairly often. Microsoft gave this bug an Important rating, but given that it has been exploited already, it should be a priority for patching.
CVE-2024-43573 is a platform-spoofing flaw in the MSHTML component, and it affects nearly all currently supported versions of Windows and Windows Server. Microsoft put a Moderate tag on this flaw, but it allows an attacker to gain access to the targeted platform and results in a complete loss of confidentiality.
The MSHTML bug is a little odd, as it also affects Internet Explorer, which Microsoft no longer supports on most platforms. “While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications,” the advisory says.
What to Do Now: Patch! As we know, attackers pay close attention to the patch releases from major vendors, especially Microsoft, and love to pounce on newly disclosed vulnerabilities, specifically those that can get them privileged access to a target.
Further Reading:
Microsoft’s advisories for CVE-2024-43572 and CVE-2024-43573
Tenable’s analysis of the Patch Tuesday release