Skip to content
July 4, 2026
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy

Microsoft News Now

The Home of Microsoft News Today

Primary Menu
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Light/Dark Button
Subscribe

Home - News - Two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks

  • News

Two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks

Microsoft has confirmed that two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks.
Dave W. Shanahan 2 years ago (Last updated: 1 year ago) 3 minutes read
Two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks

Microsoft has confirmed that two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks. The company’s acknowledgment underscores the critical nature of these vulnerabilities and the importance of timely patching.

CVE-2024-43461: A Windows MSHTML platform spoofing vulnerability

CVE-2024-43461 is a Windows MSHTML platform spoofing vulnerability that allows remote attackers to execute arbitrary code on affected installations of Windows. This vulnerability exists within the way Internet Explorer prompts the user after a file is downloaded. A crafted file name can cause the true file extension to be hidden, misleading the user into believing that the file type is harmless. An attacker can leverage this vulnerability to execute code in the context of the current user.

The @thezdi threat hunting team reported CVE-2024-38112 (MHTML handler inside of .URL files) and CVE-2024-43461 (File Extension Spoofing) to @msftsecresponse. Both are fixed!https://t.co/aktG5ALEw9

— Peter Girnus 🦅 (@gothburz) September 16, 2024

The vulnerability was discovered by Peter Girnus at Trend Micro’s Zero Day Initiative (ZDI) and was initially reported to Microsoft in June. However, threat actors quickly devised a method to bypass the patch, and it was actively exploited in the wild before being fixed in the September 2024 Patch Tuesday updates.

CVE-2024-38112: A longstanding zero-day vulnerability

CVE-2024-38112, another MSHTML platform spoofing vulnerability, was exploited for at least a year before it was fixed in July 2024. This vulnerability was used by the advanced persistent threat (APT) group Void Banshee to target organizations in North America, Europe, and Southeast Asia for information theft and financial gain.

Void Banshee exploited CVE-2024-38112 to force Windows to open malicious websites in Internet Explorer rather than Microsoft Edge when launching specially crafted shortcut files. The attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL. These URLs were used to download a malicious HTA file and prompt the user to open it, leading to the installation of the Atlantida info-stealer.

Attack chain and exploitation techniques

Two Internet Explorer vulnerabilities, CVE-2024-43461 and CVE-2024-38112, were exploited in the wild as zero-day attacks

The attack chain involving CVE-2024-43461 and CVE-2024-38112 demonstrates the sophistication of modern cyber threats. By combining these vulnerabilities, attackers could create a CWE-451 condition, UI misrepresentation of critical information, to hide the HTA file extension and make it appear as a PDF when Windows prompted users to open it. This technique, which used 26 encoded braille whitespace characters (%E2%A0%80) to hide the .hta extension, was particularly concerning as it exploited the legacy Internet Explorer engine, which no longer receives updates or security fixes.

Patching

It is critical to apply both the July 2024 and September 2024 security updates to fully protect against these vulnerabilities. The company’s advisory notes that the fix for CVE-2024-38112 in the July 2024 security updates broke the attack chain, and the September 2024 updates addressed CVE-2024-43461, ensuring that Windows shows the actual .hta extension and alerts users against malicious downloads.

About The Author

internet explorer

Dave W. Shanahan

I’m Dave W. Shanahan, a Microsoft enthusiast with a passion for Windows, Xbox, Microsoft 365 Copilot, Azure, and more. I started MSFTNewsNow.com to keep the world updated on Microsoft news. Based in Massachusetts, you can email me at davewshanahan@gmail.com.

See author's posts

Like this:

LikeLoading…

Related


Discover more from Microsoft News Now

Subscribe to get the latest posts sent to your email.

Tags: hackingMicrosoftMicrosoft EdgePatch TuesdaySecurityTwitterWindows

Post navigation

Previous: Microsoft announces significant financial updates: Dividend hike and new $60 billion stock buyback program
Next: Exclusive Xbox Game Pass September 2024 Wave 2 lineup revealed, featuring Wargroove 2, Frostpunk 2, and Ara: History Untold

Related Stories

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 1 day ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 2 days ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 2 days ago 0

AccessibilityAmazonAndroidAuthenticationAzureCall of DutyCopilotCybersecurityDeveloperEnterpriseFree Play DaysGamingGenerative AIGitHubGoogleLinkedinMicrosoftMicrosoft 365Microsoft 365 CopilotMicrosoft CopilotMicrosoft EdgeMicrosoft StoreMicrosoft TeamsNext Week on XBOXOpenAIOutlookPatch TuesdayPrivacySecuritySettingsSharePointSurfaceTwitterWindowsWindows 10Windows 11Windows InsiderXBOXXBOX Game PassXBOX Game Pass UltimateXBOX OneXBOX Play AnywhereXBOX Series XXBOX Series X|SXBOX Wire

Useful Links

  • AI and Copilot (249)
  • Azure & Cloud (35)
  • Developers (3)
  • Enterprise (4)
  • How To Guides (99)
  • Microsoft 365/Office (97)
  • Microsoft Announcements (97)
  • News (1,272)
  • Security (78)
  • Surface (47)
  • Windows (168)
  • XBOX and Gaming (418)

You May Have Missed

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10
  • News
  • XBOX and Gaming

Next Week on XBOX: Ultimate Assassin’s Creed Black Flag Resynced, College Football 27, Palworld 1.0, and More for an Exciting Week July 6–10

Dave W. Shanahan 1 day ago 0
XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week
  • News
  • XBOX and Gaming

XBOX Free Play Days: Call of Duty Black Ops 7, Diablo IV, Ikonei Island, and More Go Free This Week

Dave W. Shanahan 2 days ago 0
Microsoft Frontier Company: Microsoft's $2.5B Bet On Trusted Enterprise AI Transformation
  • News
  • Enterprise

Microsoft Frontier Company: Microsoft’s Big $2.5B Bet On Trusted Enterprise AI Transformation

Dave W. Shanahan 2 days ago 0
Microsoft Teams Rolls Out Smarter Bot Protection To Keep Unwanted AI Out Of Your Meetings
  • News
  • Microsoft 365/Office

Smarter Microsoft Teams Bot Protection Rolls Out To Keep Unwanted AI Out Of Your Meetings

Dave W. Shanahan 3 days ago 0
  • AI & Copilot
  • Azure Cloud
  • How To Guides
  • Microsoft 365 Office
  • Windows
  • XBOX
  • Privacy Policy
Copyright © 2026 All rights reserved. ReviewNews by AF themes.

    %d