Microsoft Reclassifies Bug as Zero-Day Vulnerability CVE-2024-43461

17 Sep 2024

Microsoft Reclassifies Bug as Zero-Day Vulnerability

Microsoft has recently reclassified a previously addressed bug in its September Patch Tuesday update as a zero-day vulnerability. This flaw, designated as CVE-2024-43461, has been exploited by the advanced persistent threat group known as "Void Banshee" since before July. The vulnerability is categorized as a remotely exploitable platform-spoofing issue within the legacy MSHTML (Trident) browser engine, which Microsoft retains in Windows for backward compatibility.

Affects All Supported Windows Versions

This vulnerability impacts all supported versions of Windows, granting remote attackers the ability to execute arbitrary code on affected systems. However, for an exploit to be successful, an attacker must persuade a potential victim to visit a malicious webpage or click on an unsafe link.

Initially, Microsoft rated the severity of this flaw at 8.8 on the 10-point CVSS scale when it was disclosed on September 10. At that time, there was no indication that it was a zero-day vulnerability. On September 13, Microsoft revised its assessment, revealing that attackers had been actively exploiting the flaw as part of an attack chain related to CVE-2024-38112, another MSHTML platform spoofing vulnerability that was patched in July 2024. Microsoft stated, "We released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain."

To ensure full protection against exploits targeting CVE-2024-43461, Microsoft urges customers to apply patches from both the July and September 2024 updates. Following Microsoft’s update on September 13, the US Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its known exploited vulnerabilities database on September 16, setting an implementation deadline of October 7 for federal agencies to adopt the vendor’s mitigations.

Similarities to Previous Vulnerabilities

CVE-2024-43461 bears similarities to CVE-2024-38112, allowing attackers to manipulate user interfaces—specifically, the browser—to display misleading data. Check Point Research, credited by Microsoft for discovering CVE-2024-38112, described the flaw as enabling adversaries to send crafted URLs or Internet shortcut files that, when clicked, would trigger Internet Explorer to open a malicious URL, even if the browser is disabled. Additionally, Check Point noted that threat actors have employed a novel tactic to disguise malicious HTML application (HTA) files as harmless PDF documents during their exploits.

Trend Micro’s Zero Day Initiative (ZDI), which also claims credit for discovering CVE-2024-38112, reported that Void Banshee has exploited this vulnerability to deploy the Atlantida malware on Windows systems. In their observations, Trend Micro noted that the threat actor lured victims with malicious files masquerading as book PDFs, distributed through Discord servers, file-sharing websites, and other channels. Void Banshee is recognized as a financially motivated threat actor, targeting organizations across North America, Southeast Asia, and Europe.

A Two-Bug Microsoft Attack Chain

According to Microsoft’s updated advisory, attackers have been utilizing CVE-2024-43461 as part of a coordinated attack chain that also involves CVE-2024-38112. Researchers at Qualys previously indicated that exploits targeting CVE-2024-38112 would be equally effective against CVE-2024-43416, given their near-identical nature. Peter Girnus, a senior threat researcher at ZDI credited for CVE-2024-43461, explained that attackers leveraged CVE-2024-38112 to navigate to an HTML landing page through Internet Explorer using the MHTML protocol handler within a .URL file. "This landing page contains an HTML which downloads an HTA file where attackers can execute arbitrary code," Girnus elaborated.

How to use remote desktop connection on windows 11?

To use Remote Desktop Connection on Windows 11, follow these steps: 1. Open Settings and go to System > Remote Desktop. 2. Toggle on the 'Enable Remote Desktop' switch. 3. Note the PC name under 'PC name'. 4. On the computer that will be used to connect, open the Remote Desktop app. 5. Enter the PC name and click 'Connect'. 6. Enter the username and password of the remote computer. 7. Click 'OK' to connect.

How to crop a video on windows 10?

To crop a video on Windows 10, use the Photos app: 1. Open the Photos app and import the video. 2. Select the video and click 'Edit & Create'. 3. Choose 'Create a video with text'. 4. Drag the video to the timeline. 5. Click 'Trim' to cut the video length if needed. 6. Click 'Aspect ratio' to select the crop ratio. 7. Drag the video to adjust the crop area. 8. Click 'Finish video' to save the cropped video.

Update: 17 Sep 2024

Close All Windows

Close All Windows download for free to PC or mobile

Latest update Close All Windows download for free for Windows PC or Android mobile

4
556 reviews
3143 downloads

News and reviews about Close All Windows

Close All Windows photo 1

10 Jun 2025

Windows 11 Updates Address Security and Enhance Features

Microsoft rolls out mandatory Windows 11 updates, KB5060842 and KB5060999, improving security and introducing new features like cross-device resume in OneDrive, updated search, and an extended System Restore option, adjusting build numbers for versions 24H2 and 23H2.

Read more
Close All Windows photo 2

06 Jun 2025

Windows 11 Challenges and Evolution in Gaming Handhelds

Exploring Windows 11's journey in gaming handhelds amidst past miscues. Microsoft's evolution with new designs and features unfolds, shaping the mobile space.

Read more
Close All Windows photo 3

06 Jun 2025

Microsoft Eases Users Toward Windows 11 as Support for 10 Ends

Microsoft nudges users from Windows 10 to Windows 11 as support ends. The company's campaign plays on security risks of outdated systems, sparking mixed responses.

Read more
Close All Windows photo 4

05 Jun 2025

Microsoft to Allow More Control on Windows in Europe by 2025

The upcoming changes to Windows in Europe, prompted by the Digital Markets Act, will allow users greater control over pre-installed apps and default services, beginning June 2025.

Read more
Close All Windows photo 5

04 Jun 2025

Strategies for an Optimal Windows 11 Upgrade Experience

Explore essential steps to optimize your Windows 11 upgrade, from tweaking the taskbar to enhancing privacy settings.

Read more
Close All Windows photo 6

03 Jun 2025

Windows 11 Introduces New Quick Recovery Features

Windows 11's Recovery settings aim for quick machine recovery, offering enhanced options for troubleshooting and system restoration, particularly aiding IT administrators.

Read more
Close All Windows photo 7

02 Jun 2025

Microsoft Resolves Windows 11 Startup Failures in Virtual PCs

Microsoft releases urgent fixes for Windows 11 startup issues in virtual environments due to missing ACPI.sys file. The updates, now available, underline the challenges in maintaining software security.

Read more
Close All Windows photo 8

02 Jun 2025

Windows 11 Update Enhances Gaming Features and Performance

Windows 11's latest update fixes game bugs, boosts performance, and adds innovative features like Click to Do and Cross Device Resume.

Read more
Close All Windows photo 9

02 Jun 2025

Windows Sends Out Emergency Update After System Errors

Microsoft responds to errors in Windows 11 following update KB5058405, issuing a non-security patch KB5062170 to address recovery issues affecting virtual systems.

Read more
Close All Windows photo 10

02 Jun 2025

Windows Users Face Critical Upgrade Decisions Amid Security Risks

Microsoft urges Windows users to upgrade to Windows 11 as Windows 10 support ends soon, warning of security risks. Asus showcases AI advancements in new PCs.

Read more
All Close All Windows news and updates