US Mandates: Update Windows Now or Don’t Use Your PC

MSHTML Vulnerability

The US government has mandated that all federal employees must apply the patches for the MSHTML vulnerability in Microsoft Windows, CVE-2024-43573, or stop using their devices immediately. It is assumed that this mandate, which has attracted plenty of media attention, may filter through to the enterprise and SMB market in a bid to protect the nation.

CVE-2024-43573 is a critical security vulnerability in the Microsoft Windows MSHTML platform, which is responsible for rendering HTML content in various Microsoft applications. This is the third patch and emergency update related to this previously unknown threat in MSHTML. The attack exploits older software by delivering a specially crafted Windows Internet Shortcut file which, when clicked, opens Internet Explorer, a browser that is now well retired, and connects to the attacker’s URL. This of course has forced Microsoft to continue to patch and secure their older software, such as Internet Explorer, alongside the more modern Windows 10/11 operating systems, when they had thought these programs had reached end of life (EOL).

Here are the key security risks associated with this vulnerability:

  • Spoofing Attacks: The vulnerability allows attackers to conduct spoofing attacks by crafting malicious HTML content. This can deceive users into believing they are interacting with a legitimate source, potentially leading to unauthorized access to sensitive data.
  • Data Theft: Exploiting this vulnerability can enable attackers to steal sensitive information, such as passwords, personal details, and financial data. For organizations, this could mean unauthorized access to confidential business data or customer records, leading to severe legal and financial consequences.
  • Malware Distribution: Attackers can use this vulnerability to distribute malware. By embedding malicious scripts in HTML content, they can execute arbitrary code on the target system, potentially leading to broader system infiltration and compromise.
  • Credential Harvesting: By spoofing trusted interfaces, attackers can trick users into disclosing their credentials, which can then be used to gain deeper access into organizational systems.
  • Ease of Exploitation: The vulnerability is relatively easy to exploit, requiring only that a user interacts with malicious HTML content, such as by clicking a link in an email or opening a webpage.

To mitigate these risks, it is crucial to apply the official patch released by Microsoft, which addresses the flaw in MSHTML by improving validation checks to prevent the execution of malicious HTML content. Additionally, users and administrators should:

  • Disable MSHTML in non-essential applications on Windows desktops and Windows devices.
  • Implement enhanced access controls for all end users.
  • Configure email and web filters to block malicious HTML content at the firewall.
  • Educate users about the risks of interacting with unknown links or files in their email or web browsers.
  • Enable system-wide detailed logging to monitor unusual HTML or script activity on PCs.
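Two of the mitigations above, filtering what arrives by email and logging unusual activity on PCs, can be put into practice against the attack path the article describes: a Windows Internet Shortcut file that, when clicked, launches the retired Internet Explorer. The following is an added example written for this page, not code from the original post or from Microsoft. It inspects the INI-style body of .url files (the real format carries an [InternetShortcut] section with a URL= key) and flags any whose target is not a plain web URL, and it scans normalised process-creation records for launches of iexplore.exe. The record field names, sample shortcuts and sample events are all constructed for illustration.

```python
"""Added example (not from the original post): two defensive triage checks for
the Internet Shortcut / Internet Explorer abuse path described above.
(1) Inspect Windows Internet Shortcut (.url) files, e.g. pulled from an email
quarantine, and flag any whose target is not a plain web URL.
(2) Scan process-creation records for launches of the retired IE binary.
Field names and all sample data below are constructed for this example."""
import configparser
from urllib.parse import urlsplit

# A legitimate Internet Shortcut points at a web location.
ALLOWED_SCHEMES = {"http", "https"}
IE_BINARY = "iexplore.exe"


def inspect_internet_shortcut(text: str) -> dict:
    """Parse the INI-style body of a .url file and return a verdict dict.

    Real .url files carry an [InternetShortcut] section with a URL= key.
    A file missing that section, one that does not parse at all, or one whose
    target uses a non-web scheme is marked suspicious for human review."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return {"suspicious": True, "reason": f"unparseable: {exc}", "url": None}
    if not parser.has_section("InternetShortcut"):
        return {"suspicious": True, "reason": "no [InternetShortcut] section", "url": None}
    url = parser.get("InternetShortcut", "URL", fallback="").strip()
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return {"suspicious": True,
                "reason": f"unexpected scheme '{scheme or '<none>'}'",
                "url": url}
    return {"suspicious": False, "reason": "ok", "url": url}


def find_ie_launches(events) -> list:
    """Return every process-creation record whose image is iexplore.exe.

    `events` is an iterable of dicts with constructed keys 'time', 'image',
    'parent_image' and 'command_line', such as you might normalise out of
    Sysmon Event ID 1 or Security Event ID 4688. Internet Explorer is retired,
    so any launch is worth an alert; the parent image shows how it was started
    (explorer.exe when a user double-clicks a shortcut)."""
    hits = []
    for ev in events:
        image = ev.get("image", "")
        basename = image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if basename == IE_BINARY:
            hits.append({"time": ev.get("time"),
                         "parent": ev.get("parent_image"),
                         "command_line": ev.get("command_line")})
    return hits


# --- constructed sample input (not real captures) ----------------------------
BENIGN_SHORTCUT = """[InternetShortcut]
URL=https://www.example.com/
IconIndex=0
"""

SUSPECT_SHORTCUT = """[InternetShortcut]
URL=file://203.0.113.5/share/update.htm
IconIndex=0
"""

SAMPLE_EVENTS = [
    {"time": "2024-10-09T09:12:01Z",
     "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe",
     "command_line": "explorer.exe"},
    {"time": "2024-10-09T09:12:44Z",
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'"C:\Program Files\Internet Explorer\iexplore.exe" <placeholder URL>'},
    {"time": "2024-10-09T09:13:10Z",
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "msedge.exe"},
]

if __name__ == "__main__":
    for body in (BENIGN_SHORTCUT, SUSPECT_SHORTCUT):
        print(inspect_internet_shortcut(body))
    for hit in find_ie_launches(SAMPLE_EVENTS):
        print("ALERT: Internet Explorer launched:", hit)
```

The shortcut check deliberately allows only http and https rather than trying to enumerate bad schemes, so a new handler trick still trips it, and the process check keys on the binary name regardless of path so a copy of the browser in an unusual location is still caught. In a mail gateway the first function would run over every .url attachment; in a SIEM the second is the logic behind a "retired browser launched" alert.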

CVE-2024-43573 Exploit History

CVE-2024-38112

CVE-2024-38112 is a spoofing vulnerability in the Windows MSHTML platform. Discovered earlier this year by Trend Micro’s Zero Day Initiative, it had been actively exploited by the APT group Void Banshee.

The vulnerability allows attackers to conduct spoofing attacks, leading to unauthorized access to sensitive information, data manipulation, and potential system disruption. It had a CVSSv3 score of 7.5, indicating a high impact on confidentiality, integrity, and availability.

Microsoft released a patch in July 2024 to address this vulnerability by unregistering the MHTML handler from Internet Explorer.

CVE-2024-43461

This vulnerability was disclosed in September 2024 and has been actively exploited by hackers and threat actors. It has primarily been used in social engineering attacks to trick users into opening malicious files, allowing attackers to spoof web pages and lure users to malicious sites, potentially leading to data theft and further system compromise.

With a higher CVSS severity score of 8.8, this vulnerability poses a significant risk of exploitation.

Again, a patch was released in September 2024 to mitigate this vulnerability.

How to Combat This in the Future?

As explained above, these exploits all rely on weaknesses in older Microsoft software, in this case Internet Explorer. This software is now over 30 years old. During its life, Internet Explorer has had over 1000 documented vulnerabilities, and the count is still climbing.

The best advice I can give all clients and users is to upgrade to Windows 11. Microsoft has been proactively removing old legacy software from Windows 11. This may mean your favourite piece of software is removed, like my beloved Notepad and Control Panel, or that in-office workflows will need to be altered. But change in this case is required to eliminate this extremely old software still circulating on our desktops and connected to the internet.

What if My Computer is Not Windows 11 Compatible?

We have had several clients wanting to migrate their entire office to Windows 11 but who were under the belief that they could not, due to the hardware requirements Microsoft has stipulated for Windows 11. This is definitely the case; however, there are workarounds to this impediment. As you are aware, PCP is an extremely bespoke IT service provider and understands that capital outlay for new PCs is not always available.

If you are wanting to upgrade to Windows 11 today, even if your hardware is not up to the specification indicated by Microsoft, please talk to your PCP account representative to discuss your options.
