Heimdal
article featured image

Contents:

Microsoft revealed that hackers have exploited as zero-day a Windows MSHTML platform spoofing vulnerability for more than two months.

The company released a patch for CVE-2024-43461, during the September Patch Tuesday. They didn’t know that hackers were exploiting this flaw at that time. The vulnerability lets unauthorized attackers execute code remotely. Hackers used it as a zero-day to spread info-stealing malware.

CISA included this Microsoft flaw in its Known Exploited Vulnerabilities Catalog and urged all US federal agencies to apply patches.

How did hackers exploit the Windows MSHTML platform spoofing vulnerability

Researchers say that before July 2024, CVE-2024-43461 was part of an exploit chain, along with another MSHTML spoofing flaw, CVE-2024-38112. Microsoft released a patch for CVE-2024-38112 at that moment and broke the attack chain.

In addition, security specialists have observed the Void Banshee threat group using CVE-2024-43461 to install infostealers.

the threat actor lured victims using malicious files spoofed as book PDFs that they distributed via Discord servers, file-sharing websites, and other vectors. Void Banshee is a financially motivated threat actor that researchers have observed targeting organizations in North America, Southeast Asia, and Europe.

Source – DarkReading.com

patch windows vulnerabilities faster

How to patch Microsoft vulnerabilities effectively

To keep safe from attacks like those conducted by Void Banshee, Microsoft advised System Administrators to apply patches from both July and September.

Patch Tuesday for September alone brought 79 flaws to patch, out of which 5 turned out to be zero-days.

Windows MSHTML Platform Spoofing Vulnerability

Keeping software up to date is one of the most time-consuming task of a sysadmin. The need to test every patch before deployment adds up to an already challenging job.

Due to the constantly increasing number of disclosed and/ or exploited vulnerabilities, applying patches timely almost become mission impossible.

However, there is a way out. Automated patch management software helps IT teams solve patching issues with only a few clicks.

Book a demo to see how using Heimdal’s Patch and Asset Management solution would support your team through the whole patch management process.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE