MSHTML Platform Spoofing Vulnerability
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 22h2
- Windows 11 Version 23h2
- Windows 10 Version 1507
- Windows 11 Version 22h2
- Vendor
- CVE Published:
- 9 July 2024
Badges
Summary
The MSHTML Platform Spoofing Vulnerability (CVE-2024-38112) affects Windows operating systems and is actively exploited by threat actors. It involves the use of Windows Internet Shortcut files to call the retired Internet Explorer (IE) to visit attacker-controlled URLs, allowing the attacker to gain significant advantages in exploiting the victim’s computer. The vulnerability triggers spoofing in the MSHTML rendering engine, which is crucial for rendering web content in Internet Explorer and other applications through embedded web browser controls. It allows attackers to deceive users into believing that malicious content originates from a trusted source, potentially leading to the disclosure of sensitive information or the installation of malware. The exploitation of this vulnerability is compounded by the inadequate handling and exposure of resources within the MSHTML library, allowing for unauthorized exposure and potentially malicious interactions. Microsoft has released a patch to address the vulnerability, and users are advised to apply it promptly to protect their systems.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38112 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 22H2 < 10.0.19045.4651
Windows 11 Version 23H2 < 10.0.22631.3880
Windows 10 Version 1507 < 10.0.10240.20710
News Articles
The Register CVE-2024-43461CVE-2024-38112Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
3 days ago
CVE-2024-43461CVE-2024-38112Microsoft confirms IE zero-day exploited in sneaky update
Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...
3 days ago
Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
4 days ago
EPSS Score
64% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 👾
Exploit exists.
- 🔥
Vulnerability reached the number 1 worldwide trending spot.
Vulnerability started trending.
First article discovered by Help Net Security
Vulnerability published.
Vulnerability Reserved.