Windows MSHTML vulnerability actively exploited - ThreatDown by Malwarebytes
Pieter Arntz · 2024-09-18 · via Vulnerabilities – ThreatDown by Malwarebytes

CISA has added another MSHTML vulnerability rooted in Internet Explorer to its known exploited vulnerabilities catalog

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-43461, a vulnerability in Windows MSHTML, to its known exploited vulnerabilities catalog. This requires Federal Civilian Executive Branch (FCEB) agencies to remediate the vulnerability by October 7, 2024.

A fix for the flaw was included in the September 2024 Patch Tuesday, but at that time it wasn’t counted among the four zero-days patched in that release, because Microsoft assumed that the vulnerability was only used in an attack chain with another MSHTML vulnerability, CVE-2024-38112, which was fixed in the July Patch Tuesday.

CVE-2024-43461 is a Windows MSHTML platform spoofing vulnerability, and another serious flaw that stems from the continued use of components of the—officially retired—Internet Explorer 11. Microsoft writes:

While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported.

Retaining fragments of Internet Explorer means that the outdated browser can still be invoked and leveraged for malicious purposes.

The MSHTML vulnerabilities were used by an APT group called Void Banshee to deploy malicious HTML Application (HTA) files camouflaged as PDF documents, which were able to hide their true file extension due to the way Internet Explorer prompts users after a file is downloaded.

An HTA file is an application that combines an HTML interface with programming logic in a scripting language supported by Internet Explorer, such as VBScript or JScript. Because they run as fully trusted applications, HTA files have more privileges than HTML files.
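For defenders triaging download folders, mail attachments or proxy logs, the camouflage described above can be checked by file name. The following is an added example, not code from the article or from Microsoft: it flags names whose real (final) extension is a script type, names that carry a decoy document extension in front of it, and names padded with long runs of blank characters. The extension lists, the set of blank-looking characters and the threshold are assumptions of this example; the article does not say which characters were used.

```python
import unicodedata

# Assumed policy lists for this example; tune them to your environment.
SCRIPT_EXTS = {"hta", "js", "jse", "vbs", "vbe", "wsf", "wsh"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Characters that render blank but are not whitespace by Unicode category.
BLANK_LOOKING = {"\u2800", "\u3164", "\u115f", "\u1160"}
MAX_PAD_RUN = 3  # longest run of blank characters tolerated in a name


def is_blank(ch):
    """True for spaces, invisible format characters and blank-looking glyphs."""
    return ch in BLANK_LOOKING or unicodedata.category(ch) in ("Zs", "Cf")


def longest_blank_run(name):
    best = run = 0
    for ch in name:
        run = run + 1 if is_blank(ch) else 0
        best = max(best, run)
    return best


def check_filename(name):
    """Return the reasons a file name looks camouflaged (empty list if none)."""
    reasons = []
    # Drop blank characters before splitting so padding cannot hide a dot.
    parts = "".join(c for c in name if not is_blank(c)).lower().split(".")
    real_ext = parts[-1] if len(parts) > 1 else ""
    decoys = set(parts[1:-1]) & DECOY_EXTS
    if real_ext in SCRIPT_EXTS:
        reasons.append("script-extension:" + real_ext)
        if decoys:
            reasons.append("decoy-extension:" + ",".join(sorted(decoys)))
    if longest_blank_run(name) > MAX_PAD_RUN:
        reasons.append("blank-padding")
    return reasons


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "Quarterly report.pdf",
    "invoice.pdf" + "\u2800" * 20 + ".hta",
    "setup.hta",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", check_filename(s) or "ok")
```

A hit on the script extension alone may be legitimate in environments that still use HTA tooling; the combination with a decoy extension or blank padding is the stronger signal.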

The HTA files were used to spread the Atlantida information stealer, which can steal passwords, authentication cookies, and cryptocurrency wallets from infected devices.

Successful exploitation requires an attacker to get a target to open a malicious file or visit a malicious website, but cybercriminals are well practiced at doing both.

Void Banshee is known for targeting organizations across North America, Europe, and Southeast Asia for financial gain and to steal data.

Malwarebytes and ThreatDown detect the Atlantida stealer as Spyware.Atlantida.
