CVE-2024-38112 is a significant software vulnerability found in the MSHTML (Trident) engine, primarily used by the now-retired Internet Explorer browser. Despite this, newer systems such as Windows 10 and Windows 11, where Edge is the default browser, are still susceptible to attacks exploiting this flaw. This vulnerability was publicly disclosed in July 2024, highlighting its potential misuse and the need for urgent action.
The Advanced Persistent Threat (APT) group known as Void Banshee exploited this vulnerability against victims located in North America, Europe, and Southeast Asia, according to a blog post published by Trend Micro on July 15. The exploitation of CVE-2024-38112 allowed the APT group to perform deceptive actions, posing a severe security risk to affected users. The extent of the damage caused by these attacks remains undisclosed, but it underscores the critical nature of addressing such vulnerabilities promptly.
In response to the discovery and subsequent exploitation of the vulnerability, Microsoft released an official patch on July 9 to rectify the issue. This patch, part of Microsoft's regular 'Patch Tuesday' updates, mitigates the risks associated with CVE-2024-38112. Microsoft worked closely with relevant parties to develop and distribute this patch, underscoring their commitment to maintaining robust system security for all users.
Description last updated: 2024-10-08T22:15:44.383Z