October 2024 Patch Tuesday: Updates and Analysis

Microsoft has recently addressed a significant security concern with the release of a patch for CVE-2024-43572, a vulnerability in the Microsoft Management Console. This flaw, rated as Important with a CVSS score of 7.8, enables remote code execution (RCE) through malicious Microsoft Saved Console (MSC) files. These files, integral to the Windows Command Prompt and PowerShell environments, can inadvertently expose sensitive information, including command histories. While Microsoft has opted not to disclose specific details regarding the exploitation methods, the update aims to prevent the opening of untrusted MSC files, thereby enhancing user security.

Table 1. Zero-day in Microsoft Management Console
| Severity | CVSS Score | CVE | Description |
|---|---|---|---|
| Important | 7.8 | CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability |

Windows MSHTML Platform Vulnerability

In another development, the Windows MSHTML Platform has been patched for CVE-2024-43573, a vulnerability classified as Moderate with a CVSS score of 6.5. This spoofing vulnerability affects a range of Microsoft products, including Microsoft 365 and Office applications, as well as Internet Explorer 11 and Legacy Microsoft Edge browsers. Although the MSHTML platform has a history of being targeted in previous attacks, Microsoft has not provided details on the current exploitation or the source of the disclosure.

Table 2. Zero-day in Windows MSHTML Platform
| Severity | CVSS Score | CVE | Description |
|---|---|---|---|
| Moderate | 6.5 | CVE-2024-43573 | Windows MSHTML Platform Spoofing Vulnerability |

Critical Vulnerabilities in Key Microsoft Products

Three critical vulnerabilities have emerged, demanding immediate attention from users. The first, CVE-2024-43468, poses a Critical RCE risk within Microsoft Configuration Manager, with a CVSS score of 9.8. This vulnerability allows unauthenticated attackers to execute code remotely, necessitating an in-console update for protection. The second, CVE-2024-43488, affects the Arduino extension for Visual Studio Code and is also classified as Critical, with a score of 8.8. Due to inadequate authentication measures, attackers can exploit this flaw for remote code execution, prompting Microsoft to remove the extension from its marketplace. Lastly, CVE-2024-43582 targets the Remote Desktop Protocol Server and is rated Critical with a score of 8.1. This vulnerability allows remote, unauthenticated attackers to execute arbitrary code through specially crafted RPC requests, raising concerns about potential self-propagation if not addressed swiftly.

Table 3. Critical vulnerabilities in Configuration Manager, Visual Studio Code and Remote Desktop Protocol Server
| Severity | CVSS Score | CVE | Description |
|---|---|---|---|
| Critical | 9.8 | CVE-2024-43468 | Microsoft Configuration Manager Remote Code Execution Vulnerability |
| Critical | 8.8 | CVE-2024-43488 | Visual Studio Code Extension for Arduino Remote Code Execution Vulnerability |
| Critical | 8.1 | CVE-2024-43582 | Remote Desktop Protocol Server Remote Code Execution Vulnerability |

Patch Tuesday Dashboard in the Falcon Platform

For those seeking a comprehensive overview of the vulnerabilities addressed this month, the newly launched Patch Tuesday dashboard within the CrowdStrike Falcon® platform offers valuable insights. Accessible via the Exposure Management > Vulnerability Management > Dashboards page, this tool provides a visual representation of the most recent vulnerabilities over the past three months.

Mitigation Strategies Beyond Patching

As history has shown with vulnerabilities like Log4j, not every exploitable flaw can be patched promptly. The ProxyNotShell vulnerabilities serve as a reminder of the necessity for robust response plans to safeguard environments when patches are unavailable. Regularly reviewing patching strategies is essential, but organizations should also adopt a holistic approach to cybersecurity, enhancing their overall security posture.

The CrowdStrike Falcon® platform continuously gathers and analyzes trillions of endpoint events daily from millions of sensors across 176 countries. A demo showcasing the Falcon platform’s capabilities is available for those interested.

Learn More

For further insights into how CrowdStrike Falcon® Exposure Management can assist in swiftly identifying and prioritizing vulnerabilities, additional information is available.

About CVSS Scores

The Common Vulnerability Scoring System (CVSS) is an open industry standard utilized by CrowdStrike and other cybersecurity organizations to evaluate and communicate the severity and characteristics of software vulnerabilities. The CVSS Base Score ranges from 0.0 to 10.0, with the National Vulnerability Database (NVD) providing severity ratings for these scores. More details on vulnerability scoring can be found in a dedicated article.

Additional Resources

  • For information regarding Microsoft’s Extended Security Updates program, refer to the vendor guidance.
  • Discover how Falcon Exposure Management can help identify and manage vulnerabilities in your environments.
  • Learn about CrowdStrike’s external attack surface module, CrowdStrike® Falcon Surface™, designed to uncover unknown, exposed, and vulnerable internet-facing assets.
  • Improve visibility with custom filters and team dashboards using CrowdStrike Falcon® Spotlight.
  • Experience CrowdStrike next-gen antivirus with a free trial of CrowdStrike® Falcon Prevent™.