MHTML

Winsage
September 18, 2024
Microsoft has reclassified a bug from its September Patch Tuesday update as a zero-day vulnerability, designated CVE-2024-43461, which has been exploited by the threat group "Void Banshee" since before July. This vulnerability affects all supported versions of Windows and allows remote attackers to execute arbitrary code if a victim visits a malicious webpage or clicks an unsafe link. The flaw was initially rated 8.8 on the CVSS scale, and Microsoft revised its assessment after discovering active exploitation linked to another vulnerability, CVE-2024-38112, which was patched in July 2024. To protect against CVE-2024-43461, Microsoft recommends applying patches from both the July and September updates. CISA added this flaw to its known exploited vulnerabilities database, setting an implementation deadline of October 7 for federal agencies. The vulnerability enables attackers to manipulate browser interfaces and has been used by Void Banshee to deploy Atlantida malware through deceptive files. The coordinated attack chain involving CVE-2024-43461 and CVE-2024-38112 exploits the legacy MSHTML engine, which remains in Windows for compatibility. A study indicated that over 10% of Windows 10 and 11 systems lack endpoint protection, increasing their exposure to such exploits.
Winsage
July 23, 2024
- CVE-2024-38112 is a vulnerability in the Microsoft MSHTML platform, allowing for a spoofing attack using malicious MHTML files.
- The vulnerability was addressed in the July 2024 Patch Tuesday release, but remains significant due to delayed updates, legacy systems, and evolving attack techniques.
- The Void Banshee group has been actively exploiting this vulnerability to distribute the Atlantida info-stealer, emphasizing the importance of timely security updates and patch management.