PT-2024-6671 · Microsoft · Windows +2

Andres +1 · Published 2024-10-08 · Updated 2025-06-10 · CVE-2024-43572

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Microsoft Windows versions prior to 10.0.10240.20796
Microsoft Windows versions prior to 10.0.14393.7428
Microsoft Windows versions prior to 10.0.17763.6414
Microsoft Windows versions prior to 10.0.19044.5011
Microsoft Windows versions prior to 10.0.19045.5011
Description: A remote code execution vulnerability in Microsoft Management Console allows attackers to execute arbitrary code on targeted Windows systems by means of maliciously crafted Microsoft Saved Console (MSC) files. The vulnerability can be exploited when a user loads a specially crafted MSC file. Active exploitation of this issue has been reported.
Recommendations: For each of the following, update to a version that includes the security patch:
Microsoft Windows versions prior to 10.0.10240.20796
Microsoft Windows versions prior to 10.0.14393.7428
Microsoft Windows versions prior to 10.0.17763.6414
Microsoft Windows versions prior to 10.0.19044.5011
Microsoft Windows versions prior to 10.0.19045.5011
As a temporary workaround, consider restricting access to untrusted Microsoft Saved Console (MSC) files until a patch is available.

Fix

RCE

Improper Neutralization

Weakness Enumeration

Related Identifiers

BDU:2024-07877
CVE-2024-43572

Affected Products

Management Console
Saved Console
Windows