Internet Explorer zero-day stealthily targets Windows 10 and 11 users
So, you thought you’d seen the last of the insecure abomination that was the Internet Explorer web browser, huh? Think again.
What if I were to tell you that your installation of Windows 10 or 11 (including Server editions) still comes with Internet Explorer installed by default, despite it being ‘retired’ by Microsoft two years ago?
And, while we’re all in shocking-revelation mode, what if I were to tell you that Morpheus never uttered that infamous line in The Matrix, despite a million memes claiming he did?
Prepare for shock number three: security researchers have revealed a zero-day exploit that has been using Internet Explorer to install malware for at least a year.
Check Point reveals Internet Explorer zero-day exploit
A Check Point Research report titled Resurrecting Internet Explorer details how attackers were able to use a vulnerability in the MSHTML browser engine that powered Internet Explorer.
Catalogued as CVE-2024-38112, this zero-day spoofing vulnerability enabled attackers to weaponise Internet Shortcut files which called Internet Explorer to visit a malicious site.
“An additional trick on IE is used to hide the malicious .hta extension name,” the Check Point researchers said.
“By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.”
Microsoft included a fix for this vulnerability in the latest Patch Tuesday rollout, so you know what to do!
“We greatly appreciate Haifei Li [author of the Check Point report] for this research and for responsibly reporting it under a coordinated vulnerability disclosure,” Microsoft told me in a statement. “Customers who have installed the update are already protected.”
Industry reaction to IE exploit
“Given the extensive use of MSHTML across numerous applications, the potential reach and impact of this vulnerability are substantial, affecting a broad user base,” said Mike Walters, Co-Founder of Action1.
Walters warns that attackers can leverage CVE-2024-38112 for various malicious purposes, such as “redirecting users to cloned banking or e-commerce sites to steal credentials and financial information, conducting corporate espionage and causing widespread damage to the community”.
Microsoft quite rightly notes that the complexity required for successful exploitation of this vulnerability is high, but needless to say, that hasn’t stopped it from being deployed over the past 12 months or so.
Satnam Narang, Senior Staff Research Engineer at Tenable, said it could be “exploited by an unauthenticated, remote attacker if they convince a potential target to open a malicious file”.