Microsoft Reclassifies Bug as Zero-Day Vulnerability CVE-2024-43461

Apps & Games / Close All Windows / Desktop / Windows / News Close All Windows for Desktop Windows / Microsoft Reclassifies Bug as Zero-Day Vulnerability CVE-2024-43461
17 Sep 2024

Microsoft Reclassifies Bug as Zero-Day Vulnerability

Microsoft has recently reclassified a previously addressed bug in its September Patch Tuesday update as a zero-day vulnerability. This flaw, designated as CVE-2024-43461, has been exploited by the advanced persistent threat group known as "Void Banshee" since before July. The vulnerability is categorized as a remotely exploitable platform-spoofing issue within the legacy MSHTML (Trident) browser engine, which Microsoft retains in Windows for backward compatibility.

Affects All Supported Windows Versions

This vulnerability impacts all supported versions of Windows, granting remote attackers the ability to execute arbitrary code on affected systems. However, for an exploit to be successful, an attacker must persuade a potential victim to visit a malicious webpage or click on an unsafe link.

Initially, Microsoft rated the severity of this flaw at 8.8 on the 10-point CVSS scale when it was disclosed on September 10. At that time, there was no indication that it was a zero-day vulnerability. On September 13, Microsoft revised its assessment, revealing that attackers had been actively exploiting the flaw as part of an attack chain related to CVE-2024-38112, another MSHTML platform spoofing vulnerability that was patched in July 2024. Microsoft stated, "We released a fix for CVE-2024-38112 in our July 2024 security updates which broke this attack chain."

To ensure full protection against exploits targeting CVE-2024-43461, Microsoft urges customers to apply patches from both the July and September 2024 updates. Following Microsoft’s update on September 13, the US Cybersecurity and Infrastructure Security Agency (CISA) added this flaw to its known exploited vulnerabilities database on September 16, setting an implementation deadline of October 7 for federal agencies to adopt the vendor’s mitigations.

Similarities to Previous Vulnerabilities

CVE-2024-43461 bears similarities to CVE-2024-38112, allowing attackers to manipulate user interfaces—specifically, the browser—to display misleading data. Check Point Research, credited by Microsoft for discovering CVE-2024-38112, described the flaw as enabling adversaries to send crafted URLs or Internet shortcut files that, when clicked, would trigger Internet Explorer to open a malicious URL, even if the browser is disabled. Additionally, Check Point noted that threat actors have employed a novel tactic to disguise malicious HTML application (HTA) files as harmless PDF documents during their exploits.

Trend Micro’s Zero Day Initiative (ZDI), which also claims credit for discovering CVE-2024-38112, reported that Void Banshee has exploited this vulnerability to deploy the Atlantida malware on Windows systems. In their observations, Trend Micro noted that the threat actor lured victims with malicious files masquerading as book PDFs, distributed through Discord servers, file-sharing websites, and other channels. Void Banshee is recognized as a financially motivated threat actor, targeting organizations across North America, Southeast Asia, and Europe.

A Two-Bug Microsoft Attack Chain

According to Microsoft’s updated advisory, attackers have been utilizing CVE-2024-43461 as part of a coordinated attack chain that also involves CVE-2024-38112. Researchers at Qualys previously indicated that exploits targeting CVE-2024-38112 would be equally effective against CVE-2024-43416, given their near-identical nature. Peter Girnus, a senior threat researcher at ZDI credited for CVE-2024-43461, explained that attackers leveraged CVE-2024-38112 to navigate to an HTML landing page through Internet Explorer using the MHTML protocol handler within a .URL file. "This landing page contains an HTML which downloads an HTA file where attackers can execute arbitrary code," Girnus elaborated.

How to use remote desktop connection on windows 11?

To use Remote Desktop Connection on Windows 11, follow these steps: 1. Open Settings and go to System > Remote Desktop. 2. Toggle on the 'Enable Remote Desktop' switch. 3. Note the PC name under 'PC name'. 4. On the computer that will be used to connect, open the Remote Desktop app. 5. Enter the PC name and click 'Connect'. 6. Enter the username and password of the remote computer. 7. Click 'OK' to connect.

How to crop a video on windows 10?

To crop a video on Windows 10, use the Photos app: 1. Open the Photos app and import the video. 2. Select the video and click 'Edit & Create'. 3. Choose 'Create a video with text'. 4. Drag the video to the timeline. 5. Click 'Trim' to cut the video length if needed. 6. Click 'Aspect ratio' to select the crop ratio. 7. Drag the video to adjust the crop area. 8. Click 'Finish video' to save the cropped video.
Update: 17 Sep 2024
Close All Windows

Close All Windows download for free to PC or mobile

4
556 reviews
3110 downloads

News and reviews about Close All Windows

Loading...