Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited
Big numbers
The other way to judge the severity of a vulnerability is to look at its CVSS score. By that measure, several other flaws stand out, principally CVE-2024-43468, a remote code execution (RCE) flaw in Microsoft Configuration Manager with a “critical” CVSS score of 9.8, and CVE-2024-43488, an issue in the Arduino extension for Visual Studio which Microsoft has already mitigated.
However, one that every security manager will jump on is CVE-2024-43582, a critical RCE vulnerability in the Remote Desktop Protocol (RDP) server with a CVSS score of 8.1. RDP is an interface that ransomware attackers in particular love to target.
In total, eight vulnerabilities were tagged “exploitation more likely,” Microsoft’s way of signalling that an exploit is likely within weeks. As ever, getting ahead of these is about applying this week’s patches and mitigations.