CVE-2024-43461 - Microsoft Windows MSHTML Platform Spoofing Vulnerability

Vulnerability Name

Microsoft Windows MSHTML Platform Spoofing Vulnerability

Description

Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461

https://nvd.nist.gov/vuln/detail/CVE-2024-43461

Related News Articles

New Windows zero-day exploited by 11 state hacking groups since 2017March 19, 2025

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the WildOctober 9, 2024

CISA warns of Windows flaw used in infostealer malware attacksSeptember 17, 2024

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)September 16, 2024

Windows vulnerability abused braille “spaces” in zero-day attacksSeptember 16, 2024