September 16, 2024 at 06:11PM
Microsoft disclosed a zero-day vulnerability, CVE-2024-43461, in its legacy MSHTML browser engine affecting all supported Windows versions. Remote attackers can exploit it to execute arbitrary code, but the victim must first visit a malicious site. This flaw, part of an attack chain with CVE-2024-38112, was exploited by the “Void Banshee” group. Mitigations from July and September updates should be applied.
Microsoft has identified a zero-day vulnerability, CVE-2024-43461, affecting all supported versions of Windows. Remote attackers can exploit this vulnerability to execute arbitrary code on affected systems, but the exploit works only if the victim visits a malicious webpage or clicks on an unsafe link.
Microsoft has assigned this vulnerability a severity rating of 8.8 on the CVSS scale and has urged customers to apply patches from both the July 2024 and September 2024 updates to fully protect against exploits targeting CVE-2024-43461.
The US Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, with a deadline of October 7, 2024 for federal agencies to implement the vendor’s mitigations.
Furthermore, CVE-2024-43461 is similar to another vulnerability, CVE-2024-38112, and has been used in an attack chain involving the latter. A threat actor identified as Void Banshee has been observed using these vulnerabilities to drop the Atlantida malware on Windows systems. The group has been targeting organizations in North America, Southeast Asia, and Europe, using various tactics such as exploiting unsupported Windows relics and leveraging environmental vulnerabilities.
It’s important for enterprises to promptly apply the necessary patches and security controls on their devices to mitigate the risk posed by these vulnerabilities and potential malicious exploits.