Microsoft has confirmed that a just-fixed Internet Explorer vulnerability (CVE-2024-43461) was indeed exploited as a zero-day flaw before its patch was issued.
The vulnerability allows attackers to hide the true file-type extension of downloaded files in Internet Explorer, leading users to unwittingly open malicious code.
This flaw, identified by Trend Micro's Zero Day Initiative, requires user interaction and exploits the way Internet Explorer prompts users post-download.
CVE-2024-43461 has an 8.8 CVSS severity rating and was discovered by a combination of efforts from Microsoft staff and external researchers.
[
Collection
]
[
|
...
]