CVE-2024-38112

Vulnerability updated 22 days ago (2024-11-29T13:43:49.857Z)
Download STIX
Preview STIX
CVE-2024-38112 is a significant software vulnerability found in the MSHTML (Trident) engine, primarily used by the now-retired Internet Explorer browser. Despite this, newer systems such as Windows 10 and Windows 11, where Edge is the default browser, are still susceptible to attacks exploiting this flaw. This vulnerability was publicly disclosed in July 2024, highlighting its potential misuse and the need for urgent action. The Advanced Persistent Threat (APT) group known as Void Banshee exploited this vulnerability against victims located in North America, Europe, and Southeast Asia, according to a blog post published by Trend Micro on July 15. The exploitation of CVE-2024-38112 allowed the APT group to perform deceptive actions, posing a severe security risk to affected users. The extent of the damage caused by these attacks remains undisclosed, but it underscores the critical nature of addressing such vulnerabilities promptly. In response to the discovery and subsequent exploitation of the vulnerability, Microsoft released an official patch on July 9 to rectify the issue. This patch, part of Microsoft's regular 'Patch Tuesday' updates, mitigates the risks associated with CVE-2024-38112. Microsoft worked closely with relevant parties to develop and distribute this patch, underscoring their commitment to maintaining robust system security for all users.
Description last updated: 2024-10-08T22:15:44.383Z
What's your take? (Question 1 of 2)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Microsoft
Vulnerability
Windows
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the CVE-2024-38112 Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securelist
11 days ago
Securityaffairs
2 months ago
DARKReading
2 months ago
Securityaffairs
3 months ago
DARKReading
3 months ago
Securityaffairs
3 months ago
DARKReading
3 months ago
Securityaffairs
4 months ago
Securityaffairs
5 months ago
DARKReading
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
DARKReading
5 months ago
InfoSecurity-magazine
5 months ago
Checkpoint
5 months ago
BankInfoSecurity
5 months ago
DARKReading
5 months ago