The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered US federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day vulnerability exploited by the Void Banshee advanced persistent threat (APT) group.
Identified as CVE-2024-43461, the bug was initially disclosed in September 2024’s Patch Tuesday. Microsoft later confirmed that the flaw had been exploited before the patch was issued, despite earlier claims to the contrary.
Redmond also said that CVE-2024-43461 was part of an exploit chain with another MSHTML spoofing vulnerability, CVE-2024-38112, which was patched in July 2024.
CISA adds CVE-2024-43461 to KEV catalogue
The flaw allowed remote attackers to execute malicious code on unpatched Windows systems via crafted websites or harmful files. Exploits targeting this vulnerability involved distributing malicious HTA files disguised as PDFs, using encoded characters to conceal the true file extension.
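A defender can screen download URLs, mail attachment names and proxy logs for this kind of disguise. The following Python check is an added example, not code from Microsoft, CISA or the original article: it decodes percent-encoded names and flags a script or executable extension that sits behind a document-style decoy extension or behind blank-rendering padding. The extension lists and the set of blank look-alike characters are assumptions of this example, and the sample names are constructed.

```python
import unicodedata
from urllib.parse import unquote

# Assumed lists for this example; tune them to your environment.
RISKY_EXT = {"hta", "exe", "scr", "js", "vbs", "lnk", "url", "bat", "cmd"}
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
# Code points that render blank but are not classed as whitespace by Unicode.
BLANK_LOOKALIKES = {"\u2800", "\u3164", "\u115f", "\u1160", "\uffa0"}


def is_padding(ch: str) -> bool:
    """True for characters that take up room in a name without being visible."""
    cat = unicodedata.category(ch)
    return ch in BLANK_LOOKALIKES or cat.startswith("Z") or cat in ("Cf", "Cc")


def check_filename(raw: str):
    """Return a finding dict if `raw` hides a risky extension, else None."""
    name = unquote(raw)  # decode %XX sequences as UTF-8
    stem, dot, real_ext = name.rpartition(".")
    real_ext = real_ext.strip().lower()
    if not dot or real_ext not in RISKY_EXT:
        return None
    # Peel invisible padding off the end of the stem and count it.
    core = stem
    while core and is_padding(core[-1]):
        core = core[:-1]
    padding = len(stem) - len(core)
    # What extension would the user believe they are looking at?
    decoy = core.rpartition(".")[2].lower() if "." in core else None
    if decoy not in DECOY_EXT:
        decoy = None
    if decoy is None and padding == 0:
        return None  # plain risky file, nothing is being hidden
    return {"real_ext": real_ext, "decoy_ext": decoy, "padding": padding}


# Constructed sample names, as they might appear in a URL or proxy log.
SAMPLES = [
    "Invoice.pdf%E2%A0%80%E2%A0%80%E2%A0%80.hta",
    "scan.pdf%20%20.hta",
    "notes.txt.vbs",
    "report.pdf",
    "setup.exe",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_filename(sample))
```

A finding here is a triage signal rather than a verdict: a name such as `setup.exe` is deliberately not flagged because nothing about it is concealed.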
CISA has added CVE-2024-43461 to its Known Exploited Vulnerabilities (KEV) catalogue, requiring federal agencies to secure affected systems by 7 October 2024, as per Binding Operational Directive (BOD) 22-01.
Private organisations are also advised to address the flaws to prevent further attacks.
Additionally, Microsoft’s September 2024 Patch Tuesday addressed three other zero-day vulnerabilities, including CVE-2024-38217, which has been exploited since 2018 to bypass key security features.
CISA also unveiled its Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan, aimed at strengthening coordinated cybersecurity efforts across over 100 federal agencies.
The plan outlines five priority areas, namely asset management, vulnerability management, defensible architecture, cyber supply chain risk management (C-SCRM), and incident detection and response.
Each FCEB agency operates independent networks and system architectures tailored to its specific mission, resulting in different cyber risk tolerances and strategies.
However, a collective approach to cybersecurity reduces risk both across the interagency and within each agency, said CISA.
CISA Executive Assistant Director for Cybersecurity Jeff Greene said: “Federal government data and systems interconnect and are always a target for our adversaries. FCEB agencies need to confront this threat in a unified manner and reduce risk proactively.
“The actions in the FOCAL plan orient and guide FCEB agencies toward effective and collaborative operational cybersecurity and will build resilience. In collaboration with our partner agencies, CISA is modernising federal agency cybersecurity.”
The FOCAL plan, developed in collaboration with FCEB agencies, provides standard components for enterprise operational cybersecurity and aligns defence capabilities across the federal government.
While developed for FCEB agencies, the FOCAL plan serves as a useful roadmap for public and private sector organisations to bolster the coordination of their enterprise security capabilities.
The plan does not provide an exhaustive list of actions but is designed to focus resources on actions that significantly advance operational cybersecurity improvements and alignment goals.