Microsoft’s October update patches two zero-day vulnerabilities it says are being exploited

Big numbers

Another way to judge the severity of a vulnerability is to look at its CVSS score. By that measure, several other bugs stood out, especially CVE-2024-43468, an RCE in Microsoft Configuration Manager with a “critical” CVSS score of 9.8, and CVE-2024-43488, a problem in the Arduino extension for Visual Studio, which Microsoft has already introduced.

However, the one that every security manager will jump to is CVE-2024-43582, a critical RCE vulnerability with a CVSS score of 8.1 in the Remote Desktop Protocol (RDP) server, the interface that ransomware attackers love to target.

In all, eight vulnerabilities were marked as “highly exploitable,” Microsoft’s way of indicating that an exploit could appear within weeks. As always, the way forward this week is all about applying patches and mitigations.

