September 16, 2024 at 07:39AM
Microsoft addressed CVE-2024-43461, a high-severity security flaw, in its September 2024 updates, following its exploitation as a zero-day in Internet Explorer. This spoofing bug in MSHTML lets attackers execute arbitrary code when a user interacts with a malicious page or file. It was part of an attack chain exploited by an advanced persistent threat actor.
CVE-2024-43461 is a second Windows vulnerability that was exploited as a zero-day to execute code through the disabled Internet Explorer browser. This high-severity flaw is in the MSHTML platform used by IE, which is still present despite the retirement of the browser. The vulnerability allows attackers to execute arbitrary code when a user visits a malicious page or opens a malicious file, exploiting the way Internet Explorer prompts the user after a file is downloaded.
Microsoft released a fix for this vulnerability as part of the September 2024 Patch Tuesday updates, after it had been exploited in the wild for more than two months. The vulnerability was exploited in attacks prior to July 2024 along with another MSHTML spoofing flaw, CVE-2024-38112. To fully protect against the attacks, customers are advised to install both the July 2024 and September 2024 security updates.
Additionally, a Trend Micro report identified that CVE-2024-38112 was exploited by an advanced persistent threat actor to execute code using the disabled Internet Explorer, leading to Atlantida stealer infections.