Microsoft warns that attackers exploited a recently patched Windows spoofing vulnerability as a zero-day before July 2024.
The company also raised concerns about another zero-day exploit that executed code through the disabled Internet Explorer browser.
Details of the Exploit
The flaw, CVE-2024-43461, is a high-severity issue. Microsoft fixed it in September 2024 Patch Tuesday updates, two months after attackers used it in the wild.
Microsoft identified the security bug as a spoofing issue in MSHTML. This platform, used in Internet Explorer, remains in Windows for certain applications despite the browser’s retirement.
Trend Micro’s Zero Day Initiative reported the bug. Attackers could execute arbitrary code when users visited a malicious page or opened a dangerous file.
How the Exploit Works
ZDI explains that the flaw lies in how Internet Explorer prompts the user after a file download. Attackers craft file names that hide the true file extension, which misleads users into opening harmful files. Once opened, the file runs code in the current user’s context.
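A defender-side check for the file-name trick described above, as an added example that is not part of the original article or of Microsoft's or ZDI's guidance: it flags downloaded file names in which a run of blank-rendering characters pushes an executable extension out of view behind a harmless-looking one. The extension lists, the blank-character test and the `MAX_BLANK_RUN` threshold are assumptions chosen for illustration.

```python
import os
import unicodedata

# Assumed lists for this example, not taken from the advisory.
RISKY_EXTENSIONS = {".hta", ".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".lnk"}
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
MAX_BLANK_RUN = 3  # longest run of blank characters tolerated inside a name

def is_blank(ch):
    """True for characters that render as empty space in a download prompt."""
    # Zs: space separators, Cf: invisible format characters, U+2800: braille blank.
    return ch == "\t" or ch == "\u2800" or unicodedata.category(ch) in ("Zs", "Cf")

def longest_blank_run(text):
    longest = current = 0
    for ch in text:
        current = current + 1 if is_blank(ch) else 0
        longest = max(longest, current)
    return longest

def check_filename(name):
    """Return a list of findings for a downloaded file name (empty means clean)."""
    # Drop trailing blanks first so they cannot mask the real extension.
    while name and is_blank(name[-1]):
        name = name[:-1]
    stem, ext = os.path.splitext(name)
    if ext.lower() not in RISKY_EXTENSIONS:
        return []
    findings = ["risky-extension"]
    if longest_blank_run(stem) > MAX_BLANK_RUN:
        findings.append("padding-before-extension")
    # Look for a harmless-looking extension left visible in front of the padding.
    visible = "".join(ch for ch in stem if not is_blank(ch))
    if os.path.splitext(visible)[1].lower() in DECOY_EXTENSIONS:
        findings.append("decoy-extension")
    return findings

# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "quarterly_report.pdf",
    "setup.hta",
    "invoice.pdf" + "\u2800" * 30 + ".hta",
    "notes.txt" + " " * 40 + ".exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_filename(sample), repr(sample[:20]))
```

A name that returns all three findings is the pattern worth alerting on in a mail gateway or download-folder sweep; `risky-extension` alone is only informational.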
Who Was Behind the Attack?
According to Trend Micro, the APT group “Void Banshee” exploited this attack chain to deliver the Atlántida stealer malware. They used specially crafted URLs to silently trigger Internet Explorer, redirect users to compromised websites, and deploy HTA-based payloads.
Such attacks compromise endpoint visibility and highlight the need for advanced Windows endpoint management tools and remote desktop management solutions.
How to Stay Safe from Windows Boot Errors and Exploits
To protect your devices against this and similar attacks:
- Install both July and September 2024 Windows updates immediately.
- Disable Internet Explorer using Group Policy or via system settings.
- Avoid opening unknown HTA files and links from unverified sources.
- Implement a reliable Windows system restore tool like RestoreX360 Lite (1 PC, 1 Year) to recover clean boot environments.
- Strengthen endpoint defences with RestoreX360 Endpoint Lifetime or our scalable RestoreX360 Endpoint Ranges for teams.
Why RestoreX360 Is Essential for Modern PC Protection
RestoreX360 offers a comprehensive suite of tools to fix Windows boot errors, assist with Windows boot repair, and provide remote PC repair tools for individuals and IT teams. Our RestoreX360 Pro (1 PC, 3 Year) and RestoreX360 Premium (1 PC, Lifetime) editions are built for sustained use across evolving IT landscapes.
Microsoft’s Response
On Friday, Microsoft updated its CVE-2024-43461 advisory. The company confirmed that attackers exploited the vulnerability before July 2024 along with CVE-2024-38112, another MSHTML Windows spoofing flaw.
Microsoft stated:
“CVE-2024-43461 was part of an attack chain with CVE-2024-38112 before July 2024. We patched CVE-2024-38112 in July, which disrupted this chain. To stay protected, users should install both July and September 2024 updates.”
APT Group Behind the Attack
According to Trend Micro, an advanced persistent threat (APT) group known as Void Banshee exploited CVE-2024-38112 to run code using the disabled Internet Explorer.
The attackers used crafted URLs to open IE and redirect victims to a compromised website. This site hosted a malicious HTML Application (HTA) file, which silently downloaded malware in the background. The final payload led to Atlántida stealer infections.
How to Stay Safe
To protect against these attacks:
- Install both July and September 2024 security updates immediately.
- Avoid opening unknown HTA files or suspicious links.
- Use modern browsers and disable legacy components when possible.
These vulnerabilities highlight the dangers of outdated technologies in Windows. Regular updates remain the best defence.
RestoreX360 Description
RestoreX360 is an advanced Windows repair and system recovery solution designed to keep PCs secure, stable, and optimized from day one.
It helps users:
- Detect and fix Windows system errors
- Repair corrupted files and registry issues
- Improve PC performance and stability
- Create safe restore points and rollback snapshots
- Protect systems from crashes and unexpected failures
RestoreX360 is built for:
- Home users
- IT professionals
- Corporates and Manufacturing
- Service centres
- Enterprise environments
With intelligent repair technology and user-friendly controls, RestoreX360 ensures your system stays reliable, efficient, and secure whether you are troubleshooting issues or maintaining long-term system health.
RestoreX360 does NOT collect, store, transmit, monitor, or share any user data. All system snapshots and restore points remain securely stored on the user’s local machine and are fully controlled by the user.