CVE-2024-38112 - Microsoft Windows MSHTML Platform Spoofing Vulnerability

Vulnerability Name

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Description

Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112

https://nvd.nist.gov/vuln/detail/CVE-2024-38112

Related News Articles

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the WildOctober 9, 2024

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)October 9, 2024

CISA warns of Windows flaw used in infostealer malware attacksSeptember 17, 2024

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)September 16, 2024

Windows vulnerability abused braille “spaces” in zero-day attacksSeptember 16, 2024