“Void Banshee” Unleashes Second Microsoft Zero-Day Vulnerability


Microsoft Zero-Day Vulnerability Exploited by Void Banshee Threat Group

Microsoft has identified a critical zero-day vulnerability, CVE-2024-43461, that has been exploited by the “Void Banshee” advanced persistent threat group. This vulnerability resides in the legacy MSHTML (Trident) browser engine included in Windows for backward compatibility. The bug allows remote attackers to execute arbitrary code on all supported Windows versions, making it a serious threat.

The vulnerability was initially rated 8.8 on the CVSS scale, and Microsoft confirmed that it has been actively exploited as part of an attack chain related to CVE-2024-38112. To mitigate this risk, Microsoft urges users to apply patches from both the July and September updates. The US CISA has added this flaw to its exploited vulnerabilities database, setting a deadline for mitigation by October 7.

The attack chain involves exploiting two similar vulnerabilities, with Void Banshee utilizing CVE-2024-38112 to lead victims to a malicious page through Internet Explorer. By using CVE-2024-43461 to spoof a PDF file as a harmless HTA file, attackers trick unsuspecting users into downloading malware onto their systems.

Experts warn that the reliance on outdated components like MSHTML increases the attack surface for organizations. A study revealed that a significant number of Windows systems lack essential security controls, leaving them vulnerable to exploitation. It is crucial for enterprises to address these environmental vulnerabilities and stay vigilant against emerging threats like CVE-2024-43461.

As cyber threats continue to evolve, proactive measures such as timely patching and robust security controls are essential to safeguarding sensitive data and preventing malicious actors from exploiting critical vulnerabilities like CVE-2024-43461.
