Summary
September 2024 Patch Tuesday leads with CVE-2024-43491, a critical 9.8 remote code execution flaw in Windows Update itself. Tom and Jason flag it as a patch-now target because compromising the update process lets an attacker run malicious code and lock the endpoint out of future updates. Microsoft also rated it more likely to be exploited. They weigh the YubiKey advisories, where the cloning attack needs physical possession and specialized equipment, and close on a lighter Visio RCE that needs a crafted file to trigger.
)
)
)
)
)