Microsoft warns of active MMC exploit

MMC exploit

Microsoft issued an urgent warning on Tuesday about an actively exploited code execution vulnerability in a Windows component used for system configuration and monitoring. The zero-day vulnerability is documented as a remote code execution issue in Microsoft Management Console (MMC), a commonly targeted component of the Windows operating system. Redmond’s security response team warned that attackers are leveraging malicious Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.

The flaw carries a CVSS severity score of 7.8/10 and headlines a hefty Patch Tuesday rollout to cover at least 119 documented vulnerabilities throughout the Windows ecosystem. As is customary, Microsoft did not share IOCs (indicators of compromise) or any other telemetry data to help defenders hunt for signs of infections. This is the 23rd time this year Microsoft has had to respond to zero-day exploitation prior to the availability of patches.

The October batch of patches also covers critical-severity flaws in the Visual Studio Code extension for Arduino, the Remote Desktop Protocol Server, and the Microsoft Configuration Manager.

Microsoft issues critical exploit warning

All these vulnerabilities are documented as “remote code execution” issues.

Microsoft also flagged for urgent attention, warning that a flaw in the Windows MSHTML platform is also in the “exploitation detected” category. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control and has been targeted by ransomware and hacking teams. The world’s largest software maker also urged Windows users to prioritize fixes for remote code execution bugs in the Microsoft Configuration Manager and Remote Desktop Protocol Server components.

The company also pushed out patches for several publicly known issues, including a Winlogon privilege escalation flaw (CVE-2024-43583), a Windows Hyper-V security feature bypass bug (CVE-2024-20659), and a code execution problem in the Windows cURL implementation. Separately on Patch Tuesday, Adobe rolled out updates to fix security defects in multiple product lines and warned of code execution risks on Windows and macOS platforms. The Adobe rollout includes a critical-severity patch documenting 25 vulnerabilities in Adobe Commerce that expose businesses to code execution, privilege escalation, and security feature bypass attacks.

Two of the 25 vulnerabilities carry a CVSS severity score of 9.8/10.

Do you truly know yourself?

Your FREE personalized Moon Reading explores the secret depths of your personality, relationships and true purpose in life.

Get Your Free Reading

Picture of Noland Anderson

Noland Anderson

Noland Anderson is the driving force behind a cutting-edge technology company at the forefront of digital transformation. As the founder and CEO, Noland combines his deep expertise in tech with a passion for innovation to deliver groundbreaking solutions to clients worldwide.

RECENT ARTICLES

TRENDING AROUND THE WEB

If you want to have a cleaner lifestyle without depriving yourself, say goodbye to these 8 behaviors

If you want to have a cleaner lifestyle without depriving yourself, say goodbye to these 8 behaviors

Baseline

If you want a thriving love life in your retirement years, say goodbye to these 8 habits

If you want a thriving love life in your retirement years, say goodbye to these 8 habits

Global English Editing

8 subtle signs someone isn’t actually as bright as they pretend to be

8 subtle signs someone isn’t actually as bright as they pretend to be

Small Business Bonfire

If you really want to have a successful and happy retirement, say goodbye to these 6 habits

If you really want to have a successful and happy retirement, say goodbye to these 6 habits

Global English Editing

Shocking images of UnitedHealthcare CEO Brian Thompson’s attacker surface as manhunt intensifies in New York

Shocking images of UnitedHealthcare CEO Brian Thompson’s attacker surface as manhunt intensifies in New York

Baseline

If you want your retirement to always be comfortable and stress-free, say goodbye to these 4 habits

If you want your retirement to always be comfortable and stress-free, say goodbye to these 4 habits

Baseline