Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-43461

8.8HIGH

Key Information

Vendor: Microsoft
Status: Windows 11 Version 24h2; Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation)
Vendor: CVE Published:; 10 September 2024

Badges

👾 Exploit Exists📰 News Worthy

Summary

CVE-2024-43461 is a spoofing vulnerability affecting Windows MSHTML that was exploited as part of an attack chain related to another vulnerability, CVE-2024-38112. Microsoft released a fix for CVE-2024-43461 after confirming its exploitation. The attack chain involved using CVE-2024-38112 to force a URL file to be opened with Internet Explorer instead of the Edge browser, leading to the download of a malicious HTA file. The HTA file used CVE-2024-43461 to appear as a PDF file and deliver the Atlantida info-stealer. Microsoft recommends applying both the July 2024 and September 2024 security updates to fully protect against these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-43461 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 11 Version 24H2 < 10.0.26100.1742

Windows 10 Version 1809 < 10.0.17763.6293

Windows Server 2019 < 10.0.17763.6293

News Articles

CVE-2024-43461CVE-2024-38112

Microsoft confirms IE zero-day exploited in sneaky update

Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...

2 months ago