September 16, 2024 at 09:36PM
Microsoft has confirmed that a recently patched Internet Explorer vulnerability, CVE-2024-43461, was exploited as a zero-day before it was fixed. The flaw allowed malicious actors to hide the true file-type extension of a downloaded file, enabling the execution of malicious code. This exploit was used by the Void Banshee gang to deploy info-stealing malware.
Key takeaways:
– Microsoft confirmed the exploitation of a zero-day Internet Explorer vulnerability (CVE-2024-43461) before it was patched.
– The vulnerability allowed hiding the true file-type extension of a file in Internet Explorer, making it possible to trick users into opening a file that appeared harmless but actually ran malicious code.
– The vulnerability was reported to Microsoft by Peter Girnus at Trend Micro’s Zero Day Initiative (ZDI).
– The exploit was used by a Windows malware-spreading group called Void Banshee, which abused another vulnerability (CVE-2024-38112) to infect victims’ systems.
– Both vulnerabilities (CVE-2024-43461 and CVE-2024-38112) were acknowledged as being exploited in the wild and were targeted by the US government’s CISA.
– The patch issued by Microsoft in July (for CVE-2024-38112) was found to be inadequate, and further guidance was provided to Microsoft by ZDI to address the attack surface left unprotected by the patch.
– Microsoft updated its security alert to reflect the exploitation of CVE-2024-43461 and its impact on enterprises, as confirmed by Dustin Childs, head of threat awareness at ZDI.