CVE-2024-38112 - Microsoft Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-38112: Microsoft | Windows

Date Added:
2024-07-09

Due Date:
2024-07-30

Vulnerability Name: Microsoft Windows MSHTML Platform Spoofing Vulnerability

Description: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112

Related News Articles

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the WildOctober 9, 2024

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)October 9, 2024

CISA warns of Windows flaw used in infostealer malware attacksSeptember 17, 2024

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)September 16, 2024

Windows vulnerability abused braille “spaces” in zero-day attacksSeptember 16, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard