Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43461

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Windows 11 Version 24h2
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Vendor
CVE Published:
10 September 2024

Badges

πŸ’° RansomwareπŸ‘Ύ Exploit ExistsπŸ¦… CISA ReportedπŸ“° News Worthy

Summary

CVE-2024-43461 is a spoofing vulnerability affecting Windows MSHTML that was exploited as part of an attack chain related to another vulnerability, CVE-2024-38112. Microsoft released a fix for CVE-2024-43461 after confirming its exploitation. The attack chain involved using CVE-2024-38112 to force a URL file to be opened with Internet Explorer instead of the Edge browser, leading to the download of a malicious HTA file. The HTA file used CVE-2024-43461 to appear as a PDF file and deliver the Atlantida info-stealer. Microsoft recommends applying both the July 2024 and September 2024 security updates to fully protect against these vulnerabilities.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.0 < 10.0.10240.20766

Windows 10 Version 1607 32-bit Systems 10.0.0 < 10.0.14393.7336

Windows 10 Version 1809 32-bit Systems 10.0.0 < 10.0.17763.6293

News Articles

favicon imageBleepingComputer

New Windows zero-day exploited by 11 state hacking groups since 2017

At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017.

favicon imageThe Register

Microsoft confirms IE zero-day exploited in sneaky update

Analysis Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond...

favicon imageSecurity Affairs

Recently patched Windows flaw CVE-2024-43461 was actively exploited as a zero-day before July 2024

Microsoft warns that the recently patched Windows flaw (CVE-2024-43461) was actively exploited as a zero-day before July 2024.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ’°

    Used in Ransomware

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ¦…

    CISA Reported

  • πŸ“°

    First article discovered by SecurityWeek

  • Vulnerability published

  • Vulnerability Reserved

.