The C in these CVEs stands for Confusing
Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.Back then Microsoft said the hole was not exploited in the wild. Now the software giant says it was exploited prior to patching, making it a zero day for a time.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. It turns out CVE-2024-43461 was earlier exploited in the wild by a Windows malware-spreading gang called Void Banshee that abused the flaw with another MSHTML platform spoofing vulnerability,and acknowledged at the time by Microsoft as being exploited in the wild, allows a specially crafted Windows Internet Shortcut file, a .url file, to force the victim's PC into opening a particular URL using the retired and dormant Internet Explorer.
In July, Microsoft credited Haifei Li at Check Point Research with discovering and reporting CVE-2024-38112, though ZDI felt it should have, on July 9, to explain how the 38112 flaw was exploited in the wild, and included a description of the trick used for hiding the .mta extension without quoting a CVE for that part.
Patching the 38112 bug should have prevented the above exploit chain from working as expected, protecting targets, Microsoft argued.it privately disclosed the IE launching aspect to Microsoft in May. The Trend team said as much in their ownUntangling this mess, we reckon ZDI and Check Point both pretty much found and reported the two bugs to Microsoft. Microsoft credited ZDI for finding the.
Singapore Latest News, Singapore Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Microsoft's Patch Tuesday borks dual-boot Linux-Windows PCsPlus: Three-year-old ProxyLogon flaw added to CISA's exploited bugs list
Read more »
Baldur’s Gate 3 Patch 7 patch notes adds almost too much content The full Baldur's Gate 3 Patch 7 patch notes are here, offering a massive content update for the beloved RPG game.
Read more »
Baldur’s Gate 3 patch 7 release window, early patch notes and “other enhancements” coming laterThe release date window for when Baldur's Gate 3 patch 7 will come out along with early notes and 'other enhancements' joining BG3 later.
Read more »
XDefiant update 1.5 patch notes introduce ability restrictions to ranked, increase quitting penaltyNo more nightmarish spider-bot armies in ranked.
Read more »
The Finals update 3.11.0 patch notes introduce new community eventEmbark has shared The Finals update 3.11.0 patch notes, and they simply introduce a new community event for players to complete.
Read more »
Deadlock's first major patch adds wall jumping and over a hundred balance changesJody's first computer was a Commodore 64, so he remembers having to use a code wheel to play Pool of Radiance. A former music journalist who interviewed everyone from Giorgio Moroder to Trent Reznor, Jody also co-hosted Australia's first radio show about videogames, Zed Games.
Read more »