Microsofts Internet Explorer Gets Revived to Lure in Windows Victims

  /     /     /  
Publicated : 23/11/2024   Category : security


Microsofts Internet Explorer Gets Revived to Lure in Windows Victims


Though IE was officially retired in June 2022, the vulnerability ramped up in January 2023 and has been going strong since.



Check Point earlier this month discovered a remote code execution vulnerability, tracked as CVE-2024-38112, that impacts
Microsoft Windows users
and different versions of Windows Server.
The attackers used Windows Internet Shortcut files, which call on the
retired Internet Explorer
to visit a URL with a hidden malicious extension name and controlled by these threat actors. Because users are opening this URL with Internet Explorer, and not more secure browsers like Chrome or Edge, the threat actor has more advantages in exploiting the victims device.
The threat actors also use a second method where they make the victim believe they are opening a PDF file, while in fact, they are downloading and executing a dangerous 
.
hta application,
wrote the Check Point researchers
.
The Cybersecurity and Infrastructure Security Agency (CISA) has added this high-severity vulnerability to its 
Known Exploited Vulnerabilities Catalog
  Catalog, with its score of 7.5 due to its active exploitation, and mandated that all Windows systems within federal agencies must be updated or shut down by July 30.
Other research shows
that of the roughly 500,000 endpoints running Windows 10 and 11, more than 10% of those devices are missing endpoint protection controls and almost 9% lack patch management controls, meaning that these organizations have a significant number of blind spots for attackers to exploit. 
Though Microsoft issued a patch on July 9, some exploits of this vulnerability date back more than a year ago, which means organizations need to act quickly in their mitigation efforts.

Last News

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Microsofts Internet Explorer Gets Revived to Lure in Windows Victims