The flaw had received a fix during Microsoft’s ‘Patch Tuesday’ update on Sept. 10, but had not initially been listed as exploited in attacks.

A Microsoft Windows vulnerability with a rating of “high” severity has been acknowledged as having seen exploitation in cyberattacks, after initially being listed by the tech giant as unexploited upon its disclosure last week.

Following Microsoft’s monthly release of security fixes on Sept. 10, known as “Patch Tuesday,” a Trend Micro researcher noted that Microsoft had neglected to list a Windows MSHTML Platform Spoofing Vulnerability (tracked at CVE-2024-43461) as exploited.

[Related: Ivanti Reports Exploitation Of Cloud Gateway Vulnerability]

“When we told Microsoft about the bug, we indicated it was being actively used,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, wrote in a post that day. “We’re not sure why they don’t list it as being under active attack, but you should treat it as though it were, especially since it affects all supported versions of Windows.”

On Friday, however, Microsoft updated its listing of the vulnerability to show that it has seen exploitation — and on Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory mentioning the vulnerability.

The federal cybersecurity agency added the bug to its catalog of vulnerabilities known to have seen exploitation in the wild Monday. “These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA wrote in the advisory.

The Windows vulnerability has been exploited by an advanced persistent threat group known as Void Banshee, according to a BleepingComputer report that cited Trend Micro. The group reportedly focuses on launching data-theft attacks against organizations in North America and Europe, as well as Southeast Asia.

The vulnerability is listed with a severity rating of “high” — 8.8 out of 10.0, according to the vulnerability scoring system.

In its page on the vulnerability, Microsoft credited Trend Micro Zero Day Initiative researchers with reporting the issue.