Microsoft warned organizations about ongoing attacks involving the exploitation of a high-severity Microsoft Management Console remote code execution zero-day, tracked as CVE-2024-43572, which is among the nearly 120 security issues addressed by the firm as part of this month's Patch Tuesday, SecurityWeek reports.
While Microsoft noted that Windows systems were targeted with RCE using the flaw, no indicators of compromise or telemetry information regarding the issue have been provided.
Other vulnerabilities fixed by Microsoft include critical RCE bugs in the Remote Desktop Protocol Server, Visual Studio Code extension for Arduino, and the Microsoft Configuration Manager. Microsoft has also resolved the Windows Hyper-V security feature bypass flaw, tracked as CVE-2024-20659, and the Winlogon privilege escalation bug, tracked as CVE-2024-43583.
Adobe has also fixed several vulnerabilities as part of this month's patches, including more than two dozen Adobe Commerce flaws, two of which are of critical severity.
