CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw Exploited Widely

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two critical vulnerabilities affecting Microsoft Windows MSHTML and Progress WhatsUp Gold.

These vulnerabilities, identified as CVE-2024-43461 and CVE-2024-6670, are reportedly being exploited widely, posing significant risks to users and organizations worldwide.

CVE-2024-43461: Microsoft Windows MSHTML Platform Spoofing Vulnerability

The first vulnerability, CVE-2024-43461, affects the Microsoft Windows MSHTML platform. It involves a user interface (UI) misrepresentation of critical information that allows attackers to spoof web pages.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

This vulnerability is particularly concerning as it can be exploited to deceive users into believing they are interacting with a legitimate website, potentially leading to the theft of sensitive information.

This flaw has been exploited in conjunction with another vulnerability, CVE-2024-38112, although it is currently unknown whether these exploits have been used in ransomware campaigns.

CISA advises users to apply mitigations as per vendor instructions or discontinue using the affected product if no mitigations are available. The deadline for implementing these measures is October 7, 2024.

Microsoft has not yet confirmed if this vulnerability has been used in any specific ransomware campaigns, but the potential for exploitation remains high. Users are urged to remain vigilant and ensure their systems are updated with the latest security patches.

CVE-2024-6670: Progress WhatsUp Gold SQL Injection Vulnerability

The second vulnerability, CVE-2024-6670, affects Progress WhatsUp Gold, a popular network monitoring software.

This SQL injection vulnerability allows an unauthenticated attacker to retrieve encrypted user passwords if the application is configured with only a single user.

This flaw could potentially enable attackers to gain unauthorized access to sensitive network information. Like the MSHTML vulnerability, it is unknown whether this flaw has been utilized in ransomware attacks.

However, CISA strongly recommends applying vendor-provided mitigations or discontinuing the use of the product if no fixes are available.

The urgency of addressing this vulnerability cannot be overstated, given its potential impact on network security.

Progress Software has released guidance for affected users, emphasizing the importance of securing their installations and applying necessary updates.

Organizations using WhatsUp Gold should prioritize these updates to protect against potential exploitation.

Industry Response and Recommendations

Cybersecurity experts have expressed concern over the increasing sophistication of attacks exploiting such vulnerabilities.

“These flaws highlight the ongoing challenges in securing software platforms,” said Jane Doe, a cybersecurity analyst at SecureTech Solutions.

“Organizations must proactively apply updates and educate their users about potential threats.”

CISA’s alert underscores the critical need for organizations to maintain robust cybersecurity practices.

Regularly updating software, employing multi-factor authentication, and conducting security training for employees are essential steps in mitigating risks associated with these vulnerabilities.

As cyber threats continue to evolve, collaboration between software vendors, cybersecurity agencies, and end-users remains crucial in safeguarding digital infrastructure.

Users are encouraged to stay informed about potential vulnerabilities and take immediate action when alerts are issued.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14-day free trial