CVE-2024-43461 - Microsoft Windows MSHTML Platform Spoofing Vulnerability
Project:Microsoft
Product:Windows
Date Added:2024-09-16Due Date:2024-10-07
Vulnerability Name
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Description
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461
https://nvd.nist.gov/vuln/detail/CVE-2024-43461
Related News Articles
New Windows zero-day exploited by 11 state hacking groups since 2017March 19, 2025
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the WildOctober 9, 2024
CISA warns of Windows flaw used in infostealer malware attacksSeptember 17, 2024
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)September 16, 2024
Windows vulnerability abused braille “spaces” in zero-day attacksSeptember 16, 2024