Microsoft has released security updates addressing 118 vulnerabilities, with two under active exploitation as zero-day threats: CVE-2024-43572 (Remote Code Execution via Microsoft Management Console) and CVE-2024-43573 (MSHTML Platform Spoofing). These have been added to CISA's Known Exploited Vulnerabilities catalog. Among the flaws, three are Critical, including a remote code execution vulnerability in Microsoft Configuration Manager (CVE-2024-43468, CVSS score: 9.8). The updates also patch remote code execution flaws in the Visual Studio Code extension for Arduino and the Remote Desktop Protocol (RDP) Server. Federal agencies are required to apply fixes by October 29, 2024.