Recent findings have uncovered that the Windows MSHTML vulnerability, which has been patched, was exploited by cybercriminals for over a year before Microsoft addressed the issue. It is imperative for all at-risk systems to apply the necessary fix and conduct thorough scans to prevent potential breaches.
Exploitation of Windows MSHTML Vulnerability on Windows 10 and 11
Check Point Research (CPR) has revealed that malicious actors took advantage of the Windows MSHTML vulnerability for a lengthy period of eighteen months.
The exploit relied on an “mhtml” trick that enabled hackers to launch Internet Explorer instead of Microsoft Edge.
Although Microsoft moved from Internet Explorer to Microsoft Edge and discontinued support for Internet Explorer in 2022, the older browser remains accessible on Windows 10 devices, as it has been since launch. CPR noted similar vulnerabilities on the latest Windows 11 as well, rendering even the most up-to-date Windows systems susceptible to the MSHTML exploit.
The attackers employed a novel tactic to entice users into opening maliciously crafted files. Because the “.url” extension was concealed and the files were disguised as PDFs, users unwittingly launched Internet Explorer, which led to the download of data-stealing malware from a malicious webpage controlled by the attacker. Although this process may raise red flags for savvy users, those less vigilant could fall victim to the attack.
For additional details on the attack methodology, refer to the researchers’ post.
Microsoft’s Resolution of the Vulnerability in July 2024 Patch Tuesday
Upon identifying the vulnerability, Check Point Research promptly notified Microsoft in May 2024. Subsequently, Microsoft addressed the issue in the July 2024 Patch Tuesday updates, categorizing the flaw as a zero-day vulnerability.
Despite the patch release, users are advised to exercise caution when opening .url files from untrusted sources.
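A triage check for the lure described above, as an added example that is not code from Check Point Research or Microsoft: it flags “.url” files whose name carries a document extension ahead of “.url” or whose URL= value starts with mhtml:. The decoy-extension list, the assumption that the “mhtml” trick is visible as an mhtml: prefix, and the sample shortcuts are constructed for illustration.

```python
import configparser
import sys
from pathlib import Path

# Assumed list of document extensions a lure may display ahead of the hidden ".url".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def inspect_shortcut(name, text):
    """Return reasons an Internet Shortcut (.url) resembles the lure described above."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if suffixes[-1:] != [".url"]:
        return []  # not an Internet Shortcut
    reasons = []
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        reasons.append("decoy extension %s before .url" % suffixes[-2])
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return reasons + ["not parseable as an INI-style shortcut"]
    for section in parser.sections():
        if section.lower() != "internetshortcut":
            continue
        target = parser.get(section, "url", fallback="").strip()
        # Assumption: the "mhtml" trick shows up as an mhtml: handler in URL=.
        if target.lower().startswith("mhtml:"):
            reasons.append("URL= uses the mhtml: handler")
    return reasons

def scan_tree(root):
    """Map each suspicious .url file under root to its list of reasons."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".url":
            reasons = inspect_shortcut(path.name, path.read_text(errors="replace"))
            if reasons:
                findings[str(path)] = reasons
    return findings

# Constructed samples (not taken from the report); example.test is a reserved name.
LURE = "[InternetShortcut]\nURL=mhtml:http://example.test/doc\n"
BENIGN = "[InternetShortcut]\nURL=https://example.test/\n"

if __name__ == "__main__":
    print(inspect_shortcut("invoice.pdf.url", LURE))
    print(inspect_shortcut("bookmark.url", BENIGN))
    for root in sys.argv[1:]:  # optional directories to scan
        print(scan_tree(root))
```

Pass one or more directories (for example a downloads folder or a mail attachment export) as arguments to scan them; a hit is a reason to inspect the file, not proof of compromise.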