Microsoft Urges Immediate Windows Update to Patch Critical Exploits

Users have until October 7 to secure systems against vulnerabilities exploited by Void Banshee hacking group.

Microsoft has issued an urgent update to fix two critical MSHTML vulnerabilities, CVE-2024-43461 and CVE-2024-38112, exploited by the Void Banshee group.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-43461 to its Known Exploited Vulnerabilities catalog, mandating updates by October 7.
The vulnerabilities allow attackers to execute arbitrary code and spoof web pages, potentially leading to the installation of information-stealing malware.
Void Banshee used these flaws to deploy the Atlantida malware, targeting users in North America, Europe, and Southeast Asia.
Microsoft's September Patch Tuesday update addresses these exploits, urging users to apply both July and September updates to fully protect their systems.