CISA Warns of Windows MSHTML & Progress WhatsUp Gold Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about two critical vulnerabilities affecting Microsoft Windows MSHTML and Progress WhatsUp Gold. Dubbed CVE-2024-43461 and CVE-2024-6670, they allow attackers to spoof web pages and retrieve encrypted user passwords, respectively. Both are reportedly being widely exploited, posing significant risks to users and organizations. Users are urged to apply mitigations and updates or discontinue using affected products.