Security News > 2024 > September > Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
2024-09-16 12:40
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,” Microsoft has revealed. The latter vulnerability was patched by the company in July 2024, and threat hunters with Trend Micro’s Zero Day Initiative explained that it had been used by the Void Banshee APT group to … More → The post Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2024/09/16/cve-2024-43461-exploited/
Related news
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-10 | CVE-2024-43461 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 8.8 |
| 2024-07-09 | CVE-2024-38112 | Unspecified vulnerability in Microsoft products Windows MSHTML Platform Spoofing Vulnerability | 7.5 |