Microsoft IE bug released in Tuesday was exploited as zero-day

Microsoft has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched.

security bug – CVE-2024-43461, an “important” spoofing flaw with an 8.8-out-of-10 CVSS severity rating.

Essentially, if you exploit CVE-2024-43461, user hide the true file-type extension of a file after it’s finished downloading in Internet Explorer. using non-printing braille Unicode characters, to entice user into opening a file that looks unsuspicious download but turns out to run malicious code. a attacker will compromise user system.

Reference:

https://www.theregister.com/2024/09/17/microsoft_zero_day_spoofing_flaw/

NOTE: The information is provide is on “as is “ basis, without assurance of any kind .

Revision history

1. 19-Sept-24 – . – advisory update —

About The Author

Gaurav Srivastava

15+ years of commended experience in performance in vulnerability assessment and Penetration testing, perform DAST, SAST and SCA scan Application security of web application, OWASP Testing Framework/Application security controls. Testing of webservices, source code analysis, vulnerability patch management .ISO 27001:2005 security audits of function and projects.

See author's posts