CISA warns of Windows flaw used in infostealer malware attacks

September 16, 2024 at 03:56PM

CISA orders U.S. federal agencies to secure systems against a Windows MSHTML spoofing bug exploited by the Void Banshee APT group. The vulnerability (CVE-2024-43461) was exploited before being fixed, allowing attackers to execute code on unpatched Windows systems. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog, and federal agencies have three weeks to secure vulnerable systems.

Key takeaways from the article:

1. CISA has directed U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug that was exploited by the Void Banshee APT hacking group.

2. The vulnerability (CVE-2024-43461) was initially classified by Microsoft as not exploited in attacks but later confirmed to have been exploited before being fixed, as part of an exploit chain with another MSHTML spoofing bug (CVE-2024-38112).

3. The exploit allowed attackers to execute arbitrary code on unpatched Windows systems by tricking targets into visiting a maliciously crafted webpage or opening a malicious file.

4. The exploit involved delivering malicious HTA files camouflaged as PDF documents, using encoded braille whitespace characters to hide the .hta extension.

5. The APT hacking group, Void Banshee, has been identified as targeting organizations across North America, Europe, and Southeast Asia for financial gain and data theft.

6. CISA has added the MSHTML spoofing vulnerability to its Known Exploited Vulnerabilities catalog and ordered federal agencies to secure vulnerable systems within three weeks, by October 7, as mandated by Binding Operational Directive (BOD) 22-01.

7. Private organizations worldwide are also advised to prioritize mitigating this vulnerability to block ongoing attacks.

8. In addition to the MSHTML spoofing vulnerability, Microsoft has also patched three other actively exploited zero-days in the September 2024 Patch Tuesday, including CVE-2024-38217, a vulnerability exploited in LNK stomping attacks.

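The filename disguise described in item 4 (a document-looking name padded with braille blank characters so the trailing .hta extension is pushed out of view) can be caught with a simple filename check. The following is an added example, not code from the article or from any vendor tool; the sample attachment names are constructed, and the extension lists are illustrative assumptions.

```python
import unicodedata

# Extensions Windows executes on open; .hta is the one used in the Void Banshee chain.
DANGEROUS_EXTENSIONS = {".hta", ".exe", ".js", ".vbs", ".scr", ".lnk"}
# Document extensions an attacker would want the user to see as the "real" type.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
BRAILLE_BLANK = "\u2800"  # U+2800 BRAILLE PATTERN BLANK, renders as empty space


def is_disguising_char(ch: str) -> bool:
    """Characters that render as a gap: braille blank, non-ASCII spaces, format controls."""
    if ch == BRAILLE_BLANK:
        return True
    category = unicodedata.category(ch)
    # Zs = space separators other than plain ASCII space; Cf = invisible format characters
    return (category == "Zs" and ch != " ") or category == "Cf"


def analyze_filename(name: str) -> dict:
    """Separate what the user sees from what Windows will actually open."""
    padding = sum(1 for ch in name if is_disguising_char(ch))
    stripped = "".join(ch for ch in name if not is_disguising_char(ch)).lower()
    parts = stripped.split(".")
    real_ext = "." + parts[-1] if len(parts) >= 2 else ""   # the extension Windows honours
    decoy_ext = "." + parts[-2] if len(parts) >= 3 else ""  # the extension shown to the user
    suspicious = real_ext in DANGEROUS_EXTENSIONS and (
        padding > 0 or decoy_ext in DECOY_EXTENSIONS
    )
    return {
        "real_extension": real_ext,
        "decoy_extension": decoy_ext,
        "padding_chars": padding,
        "suspicious": suspicious,
    }


def scan_filenames(names):
    """Return the subset of names that look like a padded or double-extension disguise."""
    return [n for n in names if analyze_filename(n)["suspicious"]]


# Constructed sample attachment names (not indicators from the article).
SAMPLE_NAMES = [
    "quarterly-report.pdf",
    "Books_List.pdf" + BRAILLE_BLANK * 25 + ".hta",  # padded so .hta scrolls out of view
    "invoice.pdf.hta",                                # plain double extension, no padding
    "setup.exe",                                      # executable, but not disguised
]

if __name__ == "__main__":
    for n in scan_filenames(SAMPLE_NAMES):
        print(repr(n), analyze_filename(n))
```

The same check can be run over mail-gateway attachment names or download logs; a hit on `padding_chars > 0` with a dangerous real extension is a strong signal on its own.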
