Windows MSHTML Zero-Day Vulnerability Exploited In The Wild

Adobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to mitigate a code execution flaw rated at CVSS 9.8. 

Other critical vulnerabilities were found in Photoshop, Illustrator, Premier Pro, After Effects, Audition, and Media Encoder.

Adobe prioritizes these updates for deployment due to their critical nature and potential for exploitation.

While Microsoft has released 79 new security patches for various Windows and Microsoft products this month, seven vulnerabilities are classified as critical, 71 as important, and one as moderate. 

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

This month’s release volume is similar to the previous month’s, but it’s noteworthy that many of these bugs are actively being exploited.

They had discovered a critical remote code execution vulnerability in Windows 10 systems.

This vulnerability, CVE-2024-43491, is caused by a flaw in the Servicing Stack that allows attackers to downgrade optional components and potentially execute malicious code. 

While not currently being exploited in the wild, it highlights the importance of keeping systems up-to-date with the latest security patches, including both the servicing stack update (KB5043936) and the security update (KB5043083).

Recent security updates address vulnerabilities in Microsoft Publisher and Windows.

An attacker can exploit CVE-2024-38226 by tricking a user into opening a specially crafted Publisher file, which bypasses macro policies and allows for code execution. 

CVE-2024-38217 involves a MoTW bypass vulnerability that could be exploited by ransomware gangs targeting crypto traders.

While no specific details are provided about the attacks, it’s clear that these vulnerabilities pose significant risks to users and organizations.

CVE-2024-38014 exploits a vulnerability in Windows Installer, which allows attackers to elevate their privileges to SYSTEM without being detected. 

CVE-2024-43461 is a spoofing vulnerability in the MSHTML platform that can be used for code execution.

Both vulnerabilities are being actively exploited in the wild, and it is recommended to apply the patches as soon as possible.

Microsoft has released a series of critical patches addressing vulnerabilities in various products, including SharePoint, Azure Stack Hub, TCP/IP, Remote Desktop Licensing Service, SQL Server Native Scoring, Azure CycleCloud, and Power Automate Desktop. 

According to ZDI, these vulnerabilities could lead to code execution, privilege escalation, and other security breaches. Organizations are strongly advised to apply these patches promptly to mitigate the risks associated with these vulnerabilities.

The September update addresses 30 Elevation of Privilege (EoP) bugs, many leading to SYSTEM-level code execution or administrative privileges. Two Security Feature Bypass (SFB) bugs, both related to web browsing, are also patched. 

Additionally, 11 information disclosure bugs are fixed, with some potentially revealing sensitive data.

Spoofing and denial-of-service (DoS) vulnerabilities are also addressed, with varying impact levels, while the DoS in Hyper-V could allow a guest OS to affect the host OS.

Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar