cbcvebase.
CVE-2024-43573
published 2024-10-08

CVE-2024-43573: Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Spoofing Vulnerability

high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2024-10-29
Exploited in the wild
EPSS
44.38%
98.6th percentile
Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Spoofing Vulnerability

Affected

28 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_10_version_1507>= 10.0.10240.0 < 10.0.10240.2079610.0.10240.20796
microsoftwindows_10_version_1607>= 10.0.14393.0 < 10.0.14393.742810.0.14393.7428
microsoftwindows_10_version_1809>= 10.0.17763.0 < 10.0.17763.641410.0.17763.6414
microsoftwindows_10_version_21h2>= 10.0.19043.0 < 10.0.19044.501110.0.19044.5011
microsoftwindows_10_version_22h2>= 10.0.19045.0 < 10.0.19045.501110.0.19045.5011
microsoftwindows_11_version_21h2>= 10.0.22000.0 < 10.0.22000.326010.0.22000.3260
microsoftwindows_11_version_22h2>= 10.0.22621.0 < 10.0.22621.431710.0.22621.4317
microsoftwindows_11_version_22h3>= 10.0.22631.0 < 10.0.22631.431710.0.22631.4317
microsoftwindows_11_version_23h2>= 10.0.22631.0 < 10.0.22631.431710.0.22631.4317
microsoftwindows_11_version_24h2>= 10.0.26100.0 < 10.0.26100.203310.0.26100.2033
microsoftwindows_server_2012_r2>= 6.3.9600.0 < 6.3.9600.222216.3.9600.22221
microsoftwindows_server_2016>= 10.0.14393.0 < 10.0.14393.742810.0.14393.7428
microsoftwindows_server_2019>= 10.0.17763.0 < 10.0.17763.641410.0.17763.6414
microsoftwindows_server_2022>= 10.0.20348.0 < 10.0.20348.276210.0.20348.2762
msrcwindows_10
msrcwindows_10_version_1607
msrcwindows_10_version_1809
msrcwindows_10_version_21h2
msrcwindows_10_version_22h2
msrcwindows_11_version_21h2
msrcwindows_11_version_22h2
msrcwindows_11_version_23h2
msrcwindows_11_version_24h2
msrcwindows_server_2012_r2
msrcwindows_server_2016

Detection & IOCsextracted from sources · hover to see the quote

snort
64083 - 64086, 64089, 64090, 64111 and 64112
snort
301034 - 301036 and 301041
  • This is the fourth MSHTML vulnerability exploited in the wild in 2024; treat any MSHTML-related process activity (especially on systems still running IE11 or Legacy Edge) as high-priority for investigation.
  • The spoofing vulnerability also affects Internet Explorer 11 and Legacy Microsoft Edge browsers on certain platforms and Windows applications; flag activity from these legacy browser processes.
  • ·Talos Snort rule numbers cover multiple October 2024 Patch Tuesday CVEs, not exclusively CVE-2024-43573; verify which rule SIDs specifically target MSHTML spoofing before deploying.
  • ·Microsoft has not shared details of the vulnerability or source of disclosure for CVE-2024-43573, limiting precise behavioral detection rule development.
  • ·MSHTML technology remains active and vulnerable even on systems where Internet Explorer has been retired; detection scope must extend beyond IE browser processes to all Windows components using MSHTML.

CVSS provenance

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
cvelistv56.5MEDIUM
vulncheck8.8HIGH
cisa8.1HIGH
vendor_msrc6.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.