Microsoft Patches 117 Flaws Including Exploited MMC and MSHTML Zero-Days
Microsoft released fixes for 117 vulnerabilities across 15 product families, including 3 Critical, 110 Important, 3 Moderate, and 1 Low severity issues. Two flaws were already being exploited in the wild: CVE-2024-43572 in Microsoft Management Console and CVE-2024-43573 in the Windows MSHTML Platform. Microsoft also flagged eight additional vulnerabilities as more likely to be exploited within 30 days, while Windows accounted for the vast majority of the exposure with 93 CVEs spanning remote code execution, elevation of privilege, and denial-of-service bugs.
The most severe issues included CVE-2024-43468, a Critical Microsoft Configuration Manager remote code execution flaw with a CVSS 9.8 score that requires an in-console update and additional hardening, and CVE-2024-38124, a Windows Netlogon elevation of privilege vulnerability with mitigation guidance. The release also addressed 15 Windows Mobile Broadband Driver flaws that generally require physical access or proximity, Windows 11 24H2-specific bugs such as CVE-2024-43527 and CVE-2024-43571, and advisory items affecting Edge and curl-related components; Sophos said protections were available for CVE-2024-43502, CVE-2024-43572, and CVE-2024-43573.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Microsoft says two October vulnerabilities are exploited in the wild
In the October Patch Tuesday release, Microsoft reported active exploitation of CVE-2024-43572 in Microsoft Management Console and CVE-2024-43573 in the Windows MSHTML Platform. The company also assessed eight additional CVEs as more likely to be exploited within 30 days.
Microsoft releases October Patch Tuesday with 117 CVEs
Microsoft's October Patch Tuesday release delivered 117 patches across 15 product families, including 3 Critical and 110 Important vulnerabilities. The release included heavily Windows-focused fixes, with 93 CVEs affecting Windows components.
Sources
1 reference tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Microsoft Patches 163 Flaws Including Exploited SharePoint Bug
Microsoft released fixes for **163 CVEs** across 17 product families, including **8 Critical** vulnerabilities, **1 publicly disclosed** flaw, and **1 vulnerability under active exploitation**. The exploited issue, `CVE-2026-32201`, is a **Microsoft SharePoint Server spoofing vulnerability** that can let an unauthenticated attacker impersonate a user and read or modify certain data. Microsoft also patched `CVE-2026-33825`, a **publicly disclosed Microsoft Defender elevation-of-privilege flaw** that affects systems only when Defender is enabled; the company said customers using Defender automatic updates are remediated automatically. Among the most severe issues, Microsoft highlighted `CVE-2026-33824`, a **Critical Windows Internet Key Exchange (IKE) Service Extensions remote code execution vulnerability** with a **CVSS 9.8**, and advised defenders to restrict **UDP ports 500 and 4500** until patching is complete. Elevation-of-privilege bugs made up the largest share of the release with **94 CVEs**, while **Windows** accounted for **131** of the patched vulnerabilities. Microsoft said **24 flaws** were more likely to be exploited within 30 days, **18** carried CVSS scores of **8.0 or higher**, and the release also included **80 Edge-related advisories**, most inherited from Chrome.
May 25, 2026
Microsoft Patches 71 Flaws Including Exploited Windows CLFS Zero-Day
Microsoft released fixes for **71 CVEs** across 10 product families, including **17 Critical** and **54 Important** vulnerabilities, with the update heavily concentrated on Windows. The most severe issue was **`CVE-2024-49112`**, a **CVSS 9.8** remote code execution flaw in **LDAP** affecting supported Windows client and server versions back to **Windows Server 2008**, while multiple other patches addressed remote code execution risks in **Remote Desktop Services** and additional Windows components. Microsoft also fixed an **actively exploited zero-day**, **`CVE-2024-49138`**, in the **Windows Common Log File System Driver (CLFS)**, and identified six more vulnerabilities as more likely to be exploited within 30 days. Those higher-risk issues affected **SharePoint, MSMQ, ReFS, and several Windows drivers**, underscoring broad exposure across enterprise environments; Sophos said protections were available for five of the patched vulnerabilities, and noted Microsoft patched **1,015 CVEs** through Patch Tuesday during 2024, the company’s highest annual total since 2020.
Jan 1, 2026
Microsoft Patch Tuesday Fixes 79 CVEs, Including Exploited Windows Flaws
Microsoft released fixes for **79 vulnerabilities** across 11 product families, including **7 Critical** issues and multiple flaws already exploited or associated with exploited conditions. The most significant actively exploited bugs were **`CVE-2024-38014`** in **Windows Installer** and **`CVE-2024-38217`** in **Windows Mark of the Web**, while **`CVE-2024-43491`** in the **Windows Update servicing stack** was highlighted as a high-severity risk for supported **Windows 10 version 1507 LTSB** and **IoT Enterprise 2015 LTSB** systems. Windows accounted for **47** of the patched CVEs, with **SQL Server** receiving fixes for **13** vulnerabilities and **SharePoint** affected by several high-risk remote code execution flaws that Microsoft said were more likely to be exploited within 30 days. Microsoft also noted that **Windows 11 24H2** is affected by **29** CVEs, including two already exploited in the wild, and the release referenced three **Adobe** vulnerabilities, including **`CVE-2024-41869`**, a critical **Adobe Reader** use-after-free flaw for which a workable exploit was already available.
Jan 1, 2026