Key Takeaways:
Microsoft has disclosed a Windows spoofing vulnerability that was addressed in the September 2024 Patch Tuesday updates. The company later confirmed that attackers had already exploited the flaw as a zero-day earlier in the year, before a patch was available.
The vulnerability, tracked as CVE-2024-43461, is a spoofing flaw in the Windows MSHTML platform with a CVSS score of 8.8. It is reachable through Internet Explorer mode in the Microsoft Edge browser, which still relies on the MSHTML engine. The bug was discovered and reported by Peter Girnus of Trend Micro's Zero Day Initiative (ZDI) on July 19. Although classified as spoofing, it can be leveraged to run code on unpatched Windows systems in the context of the current user. The attack requires user interaction: the victim must be lured into visiting a malicious website or opening a malicious file.
“The specific flaw exists within the way Internet Explorer prompts the user after a file is downloaded. A crafted file name can cause the true file extension to be hidden, misleading the user into believing that the file type is harmless. An attacker can leverage this vulnerability to execute code in the context of the current user,” the Zero Day Initiative explained.
Microsoft initially disclosed CVE-2024-43461 on September 10. At that time, the advisory did not list the vulnerability as exploited in the wild. Days later, Microsoft updated the advisory after it emerged that the advanced persistent threat (APT) group Void Banshee had already used the flaw, chained with another MSHTML spoofing vulnerability (CVE-2024-38112), to target Windows devices.
In that chain, Void Banshee used CVE-2024-38112 to force the retired Internet Explorer to open an attacker-controlled page, then relied on CVE-2024-43461 to present a malicious HTML Application (.hta) as a harmless document so the victim would run it. The .hta dropped the Atlantida malware, an information stealer that harvests credentials and other data from Windows systems.
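As an added illustration of the filename trick ZDI describes above, the following Python function flags a downloaded file name whose real, executable extension (such as .hta) is pushed out of view behind a run of blank-looking characters, leaving a harmless decoy extension such as .pdf visible. This is example code written for this page, not code from the article, ZDI or Microsoft. The set of blank-looking characters and the list of executable extensions are constructed for the example (U+2800 BRAILLE PATTERN BLANK is included because that is the padding character the Void Banshee samples used); the sample file names are also constructed.

```python
import unicodedata
from dataclasses import dataclass

# Extensions that Windows hands to a script host or the shell rather than a
# document viewer. The Void Banshee lure was an HTML Application (.hta); the
# rest are common choices. Constructed list for this example.
EXECUTABLE_EXTENSIONS = {
    "hta", "exe", "scr", "com", "pif", "msi", "js", "jse", "vbs", "vbe",
    "wsf", "wsh", "cmd", "bat", "ps1", "lnk", "url",
}


def looks_blank(ch: str) -> bool:
    """True for a character that renders as blank or invisible in a file prompt.

    Constructed set: ASCII/Unicode whitespace, space/line/paragraph separators,
    format characters (zero-width space and friends), and U+2800 BRAILLE
    PATTERN BLANK, which is category So and so is listed explicitly.
    """
    if ch.isspace() or ch == "\u2800":
        return True
    return unicodedata.category(ch) in ("Zs", "Zl", "Zp", "Cf")


@dataclass
class ExtensionCheck:
    true_ext: str    # extension Windows will actually act on (after the last dot)
    decoy_ext: str   # extension the user is led to see, or "" if none
    padding: int     # blank-looking characters between decoy and true extension
    suspicious: bool


def check_filename(name: str) -> ExtensionCheck:
    """Flag a name whose executable extension is hidden behind blank padding."""
    # Windows resolves the file type from everything after the last dot.
    stem, dot, true_ext = name.rpartition(".")
    if not dot:
        return ExtensionCheck("", "", 0, False)
    true_ext = true_ext.lower()

    # Walk back over blank-looking characters that sit right before the true
    # extension; str.rstrip() is not enough because U+2800 is not whitespace.
    end = len(stem)
    while end > 0 and looks_blank(stem[end - 1]):
        end -= 1
    padding = len(stem) - end
    visible = stem[:end]

    # The decoy is whatever ".xxx" the visible part ends with, if anything.
    _, vdot, decoy_ext = visible.rpartition(".")
    decoy_ext = decoy_ext.lower() if vdot and decoy_ext.isalnum() else ""

    # Any padding in front of an executable extension hides it from the user;
    # a decoy extension makes the lure more convincing but is not required.
    suspicious = true_ext in EXECUTABLE_EXTENSIONS and padding > 0
    return ExtensionCheck(true_ext, decoy_ext, padding, suspicious)


# Constructed sample names: one padded with 26 braille blanks like the
# Void Banshee lure, one with zero-width spaces, and three benign names.
SAMPLE_NAMES = [
    "Books_A0UJKO.pdf" + "\u2800" * 26 + ".hta",
    "notes.txt\u200b\u200b.js",
    "report.pdf",
    "archive.tar.gz",
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        result = check_filename(sample)
        flag = "SUSPICIOUS" if result.suspicious else "ok"
        print(f"{flag:10} true={result.true_ext!r:8} decoy={result.decoy_ext!r:8} "
              f"padding={result.padding:2} {sample!r}")
```

The check is deliberately strict about padding rather than about the decoy: a name like "invoice" followed by 26 blanks and ".hta" shows no extension at all, yet still hides an executable. A plain "setup.exe" is not flagged, because nothing about it is disguised; whether bare executables should be allowed to download is a separate policy question. Run over a downloads folder with os.scandir() this gives a cheap triage for lures of the kind described above, but it is a heuristic, not a substitute for applying the patches.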
The July 2024 Patch Tuesday updates fixed CVE-2024-38112, which broke the attack chain Void Banshee was using; the September 2024 updates fix CVE-2024-43461 itself. Microsoft urges customers to install both the July and September 2024 security updates to fully protect their Windows systems against this chain.