Organizations were alerted by Microsoft regarding ongoing attacks involving the exploitation of a high-severity Microsoft Management Console remote code execution zero-day, tracked as CVE-2024-43572, which is among the nearly 120 security issues addressed by the firm as part of this month's Patch Tuesday, SecurityWeek reports.
While Microsoft noted Windows systems being targeted with RCE using the flaw, no indicators of compromise or telemetry information regarding the issue have been provided. Other vulnerabilities fixed by Microsoft include critical RCE bugs in the Remote Desktop Protocol Server, Visual Studio Code extension for Arduino, and the Microsoft Configuration Manager. Microsoft has also resolved the Windows Hyper-V security feature bypass flaw, tracked as CVE-2024-20659, and the Winlogon privilege escalation bug, tracked as CVE-2024-43583. On the other hand, several vulnerabilities have also been fixed by Adobe as part of this month's patches, including more than two dozen Adobe Commerce flaws, two of which are of critical severity.
