The US Cybersecurity Agency (CISA) has issued an urgent directive to all federal departments to safeguard their systems against a newly discovered vulnerability in Windows, which is being exploited by the Void Banshee hacker group.
Revealed as CVE-2024-43461 (CVSS: 8.8), the vulnerability affects MSHTML, the component in Windows that interprets and displays HTML code, including formats, styles, scripts, and other elements of a webpage. MSHTML also supports various versions of the HTML standard, as well as technologies like CSS (cascading styles) and JavaScript.
While many browsers such as Internet Explorer and older versions of Microsoft Edge rely on MSHTML as their display engine, the platform has lost significance due to Microsoft Edge’s move to Chromium. Despite this shift, MSHTML is still utilized in applications like Microsoft Outlook and other programs within the Windows operating system.