⚠ Actively exploited
Added to CISA KEV on 2024-09-16. Federal agencies required to patch by 2024-10-07. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2024-43461: User Interface (UI) Misrepresentation of Critical Information in Microsoft Windows 10 Version 1507

Severity
8.8 HIGH (CNA)
VulnCheck: 7.5, CISA: 7.5
No vector
EPSS
10.8% (top 6.61%)
CISA KEV
Added 2024-09-16
Due 2024-10-07
Exploit
Exploited in wild
Active exploitation observed
Timeline
Published: Sep 10
KEV added: Sep 16
KEV due: Oct 7

Description

Windows MSHTML Platform Spoofing Vulnerability

Affected Packages (17 packages)

Source     Package                           From version   Before version
CVEListV5  microsoft/windows_server_2012     6.2.9200.0     6.2.9200.25073
CVEListV5  microsoft/windows_server_2016     10.0.14393.0   10.0.14393.7336
CVEListV5  microsoft/windows_server_2019     10.0.17763.0   10.0.17763.6293
CVEListV5  microsoft/windows_server_2022     10.0.20348.0   10.0.20348.2700
CVEListV5  microsoft/windows_server_2012_r2  6.3.9600.0     6.3.9600.22175

🔴 Vulnerability Details (2)

CVEList: Windows MSHTML Platform Spoofing Vulnerability (2024-09-10)
VulnCheck: Microsoft Windows MSHTML Platform Spoofing Vulnerability (2024)

📋 Vendor Advisories (2)

CISA: Microsoft Windows MSHTML Platform Spoofing Vulnerability (2024-09-16)
Microsoft: Windows MSHTML Platform Spoofing Vulnerability (2024-09-10)

🕵️ Threat Intelligence (1)

BleepingComputer: Windows vulnerability abused braille “spaces” in zero-day attacks (2024-09-15)