Sep 2024: Windows MSHTML Platform Spoofing Vulnerability
CVE-2024-43461 Published on September 10, 2024
Windows MSHTML Platform Spoofing Vulnerability
Windows MSHTML Platform Spoofing Vulnerability
Known Exploited Vulnerability
This Microsoft Windows MSHTML Platform Spoofing Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
The following remediation steps are recommended / required by October 7, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Weakness Type
User Interface (UI) Misrepresentation of Critical Information
The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.
Products Associated with CVE-2024-43461
Want to know whenever a new CVE is published for Microsoft products? stack.watch will email you.
Affected Versions
Microsoft Windows 11 Version 24H2:- Version 10.0.26100.0 and below 10.0.26100.1742 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.17763.0 and below 10.0.17763.6293 is affected.
- Version 10.0.20348.0 and below 10.0.20348.2700 is affected.
- Version 10.0.0 and below 10.0.22000.3197 is affected.
- Version 10.0.19043.0 and below 10.0.19044.4894 is affected.
- Version 10.0.22621.0 and below 10.0.22621.4169 is affected.
- Version 10.0.19045.0 and below 10.0.19045.4894 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.22631.0 and below 10.0.22631.4169 is affected.
- Version 10.0.25398.0 and below 10.0.25398.1128 is affected.
- Version 10.0.10240.0 and below 10.0.10240.20766 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 10.0.14393.0 and below 10.0.14393.7336 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.0.6003.0 and below 6.0.6003.22870 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.1.7601.0 and below 6.1.7601.27320 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.2.9200.0 and below 6.2.9200.25073 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
- Version 6.3.9600.0 and below 6.3.9600.22175 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.