Anup Ghosh

CISA Warns Federal Agencies to Update Microsoft OS or Discontinue Use


The Download

The US cyber agency is warning Federal agencies to patch a Microsoft vulnerability tracked as CVE-2024-43573. The vulnerability is being actively exploited by adversaries who take advantage of an MSHTML file, a Windows shortcut that opens an older version of Microsoft Internet Explorer rather than Google Chrome or Microsoft Edge. Attackers can use the shortcut and Internet Explorer to gain system-level privileges on Windows systems. This is the third such tracked vulnerability related to this problem this year. CISA has added this vulnerability to its Known Exploitable Vulnerability (KEV) catalog, which mandates that Federal agencies patch with urgency.


What You Can Do

IT administrators should ensure all systems are updated to the latest versions of Windows 11. Automated patch management systems should be deployed to maintain updated security patches across networks. Additionally, admins must conduct regular security audits, disable unused services, and enforce strong password policies to reduce vulnerability. Scan your attack surfaces with ThreatMate to prioritize patching against threats.


To Learn More:
