⚠ Actively exploited
Added to CISA KEV on 2024-10-08. Federal agencies required to patch by 2024-10-29. Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable..

CVE-2024-43573

CWE-79Cross-site Scripting (XSS)10 documents7 sources
Severity
6.5MEDIUM
No vector
EPSS
17.7%
top 4.88%
CISA KEV
KEV
Added 2024-10-08
Due 2024-10-29
Exploit
Exploited in wild
Active exploitation observed
Affected products
17
Microsoft Windows 10 Version 1507Microsoft Windows 10 Version 1607Microsoft Windows 10 Version 1809+14 more
Timeline
PublishedOct 8
KEV addedOct 8
Latest updateOct 9
KEV dueOct 29
CISA Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows MSHTML Platform Spoofing Vulnerability Windows MSHTML Platform Spoofing Vulnerability

Affected Packages17 packages

CVEListV5microsoft/windows_server_201610.0.14393.010.0.14393.7428
CVEListV5microsoft/windows_server_201910.0.17763.010.0.17763.6414
CVEListV5microsoft/windows_server_202210.0.20348.010.0.20348.2762
CVEListV5microsoft/windows_server_2012_r26.3.9600.06.3.9600.22221
CVEListV5microsoft/windows_10_version_150710.0.10240.010.0.10240.20796

🔴Vulnerability Details

2
CVEList
Windows MSHTML Platform Spoofing Vulnerability2024-10-08
VulnCheck
Microsoft Windows MSHTML Platform Spoofing Vulnerability2024

📋Vendor Advisories

2
CISA
Microsoft Windows MSHTML Platform Spoofing Vulnerability2024-10-08
Microsoft
Windows MSHTML Platform Spoofing Vulnerability2024-10-08

🕵️Threat Intelligence

2
Krebs
Patch Tuesday, October 2024 Edition2024-10-09
Krebs
Patch Tuesday, October 2024 Edition2024-10-08
CVE-2024-43573 (MEDIUM CVSS 6.5) | Windows MSHTML Platform Spoofing Vu | cvebase.io