Recently, Microsoft issued a serious security warning regarding the Windows operating system. The high-risk vulnerability, identified as CVE-2024-43461, had been exploited by hackers for over two months before Microsoft finally patched it in the September 2024 Patch Tuesday update.
CVE-2024-43461 is a spoofing vulnerability in the MSHTML platform, which is part of the retired Internet Explorer (IE) browser. Although IE is no longer in use, the MSHTML platform remains embedded in certain applications, making it a target for malicious attacks.
This vulnerability allows attackers to hide the true file extension by designing misleading filenames, tricking users into opening seemingly harmless files. Once exploited, the malicious code is executed in the user's context, posing a significant security threat. Especially when users visit malicious websites or download files containing harmful code, attackers can exploit this vulnerability to perform remote code execution.
According to Microsoft, this vulnerability was exploited alongside another serious flaw, CVE-2024-38112, in several attacks before July 2024. The Zero Day Initiative (ZDI) of Trend Micro was praised for reporting these vulnerabilities, explaining how hackers executed malicious code through a disabled IE browser, leading victims to a malicious site hosting HTML Application (HTA) files. These files are executed in the background, downloading malicious payloads, which eventually lead to the infection of the Atlantida Stealer malware.
Microsoft urges all Windows users to install the July 2024 and September 2024 security updates as soon as possible to protect against these vulnerabilities. While the attack chain has been disrupted, delays in installing patches may leave users exposed to security risks.
Security Recommendations:
- Ensure your operating system is up to date and regularly install all security updates.
- Avoid visiting unknown websites or downloading suspicious files, especially from unverified sources.
- Use multi-layered security protections, including antivirus and anti-malware tools, to reduce potential risks.
As Advanced Persistent Threat (APT) attacks become more frequent, users should remain vigilant and respond quickly to emerging security risks.