Microsoft Windows users are now facing a critical security threat due to a newly discovered vulnerability being actively exploited by attackers. This hidden flaw, which Microsoft has just patched, utilizes a novel method to compromise systems, putting the personal data of many users at risk.
Security researchers at Check Point have identified that attackers are using specially crafted Windows Internet Shortcut files. When clicked, these files trigger the retired Internet Explorer (IE) to open a malicious URL controlled by the attacker. Despite being outdated and less secure compared to modern browsers like Chrome and Edge, IE still exists within the Windows operating system, providing attackers with significant advantages.
#Microsoft Windows Deadline—You Have 21 Days To Update Your PC https://t.co/jfrh9coK8H #TechJunkieInvest #investing #TechJunkieNews #Tech #BigTech #OperatingSystem #Software pic.twitter.com/oLz0ibDO3M
— Tech Junkie (@techjunkiejh) July 11, 2024
This vulnerability is severe enough that the US government has added it to its Known Exploit Vulnerability catalog. The Cybersecurity and Infrastructure Security Agency (CISA) has mandated that all Windows systems used by federal employees must be updated or taken offline by July 30. This directive comes in light of reports indicating that threat actors have been exploiting this vulnerability for an extended period.
Microsoft acknowledged the exploitation of this vulnerability in their July update. The company expressed gratitude towards Check Point’s Haifei Li for the responsible disclosure of this issue. Microsoft assured users that those who have installed the latest updates are protected against this threat.
Despite Internet Explorer’s long-retired status, it remains embedded in the Windows OS, which is exploited through what Check Point refers to as the “mhtml trick.” This technique deceives users into clicking a link they believe is a PDF but is actually an IE shortcut, leading to the compromise of their system.
Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability on Tuesday that made them possible.#microsoft #windows #malware #0day #security https://t.co/2ycyNYnB8R
— TechHelpKB.com 📚 (@techhelpkb) July 10, 2024
The specific vulnerability, identified as CVE-2024-38112, is not the only concern addressed in Microsoft’s latest patch. Another critical flaw, CVE-2024-38080, involves a privilege escalation vulnerability in Microsoft Windows Hyper-V, allowing local attackers to gain SYSTEM privileges. These updates are part of a larger batch of 137 patches released in July, emphasizing the importance of timely system updates.
Eli Smadja from Check Point highlighted the surprising nature of the exploit, leveraging Internet Explorer to execute the attack. He strongly advises all Windows users to apply the latest Microsoft patch immediately to protect themselves from potential threats.
This situation underscores the urgency for Windows 10 users to consider upgrading, as the operating system approaches its end of life next October. Without regular security updates, those remaining on Windows 10 will be increasingly vulnerable unless they opt for a new, paid plan. Recent statistics indicate that Microsoft is making progress in encouraging users to transition to Windows 11, which is a positive development.
In addition to this pressing security update, Microsoft has been addressing other issues. Recently, a problem from the June Windows security update caused some devices to fail to start or enter repeated restart cycles. While this primarily impacted systems using virtualized machines or features, it disrupted the regular update process.
By Sayan Sen – Microsoft has quietly published detailed requirements of whether a user needs to worry about Windows KB5034441 and KB5034440 recovery updates,which end up causing “0x80070643 – ERROR_INSTALL_FAILURE” #Microsoft #Windows #BugFix https://t.co/CseL9vo2s5
— NeowinFeed (@NeowinFeed) July 10, 2024
Key Points:
i. Microsoft Windows users face a new critical security threat from a recently discovered vulnerability, which has been actively exploited.
ii. Attackers use special Windows Internet Shortcut files to trigger Internet Explorer, opening a malicious URL that compromises the system.
iii. The US government’s CISA has mandated updates for federal Windows systems by July 30 due to the severity of the threat.
iv. Microsoft’s latest patch addresses this vulnerability and others, emphasizing the need for timely updates.
v. Windows 10 users are urged to consider upgrading to Windows 11 as support for Windows 10 nears its end.
Susan Guglielmo – Reprinted with permission of Whatfinger News