Check Point Uncovers Zero-Day Flaw in Windows, CVE-2024-38112

Check Point Software Technologies has unveiled new information about CVE-2024-38112, a zero-day flaw in Windows that was recently patched as part of this month’s Patch Tuesday release. The vulnerability, which has been exploited in the wild, was discovered by Haifei Li, principal vulnerability researcher at Check Point.

According to Microsoft, the flaw is a spoofing vulnerability in the Windows MSHTML platform, with a CVSS score of 7.5. To exploit the vulnerability, an attacker would need to send a victim a malicious file that the victim would then have to execute.

In a thread on X (formerly Twitter), Li expressed some frustration with Microsoft’s handling of the patch release, stating that the company released the patch earlier than expected without notifying Check Point. However, Microsoft later reached out to Li to address the miscommunication and improve future coordination.

Technical Insights and Threat Actor Activities

Check Point Research published a blog post authored by Li, providing technical details about CVE-2024-38112. The post revealed that threat actors were using malicious Windows Internet Shortcut Files disguised as PDFs to gain remote code execution on victims’ machines.

Although Internet Explorer is no longer officially supported, the presence of its code in the Windows OS allows threat actors to exploit the flaw, even on systems without IE installed. The attacks observed by Check Point involved luring victims into clicking on .url files that would open the retired IE browser and visit an attacker-controlled URL.

While the identities of the threat actors remain unknown, Check Point’s research group manager, Eli Smadja, stated that at least two separate campaigns were likely responsible for the threat activity. One of the threat actors had a history of infostealer infections and targeted users in Turkey and Vietnam.

Overall, the discovery of CVE-2024-38112 highlights the ongoing challenges in cybersecurity and the importance of coordinated disclosure between researchers and vendors to protect users from potential exploits.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.

How to change screen timeout settings on windows 10?

To change screen timeout settings on Windows 10, follow these steps: 1. Open Settings by pressing Windows key + I. 2. Select 'System' and then choose 'Power & sleep' from the left menu. 3. Under the 'Screen' section, you can set the desired screen timeout duration for when your device is on battery power and when it's plugged in.

How to crop a video on windows 10?

To crop a video on Windows 10, you can use the Photos app: 1. Open the video in the Photos app. 2. Click 'Edit & Create' and select 'Trim' if you only want to cut the video down in length, or 'Create a video with text' and then use the 'Trim' and 'Resize' options. 3. Use the cropping handles to select the area you want to keep. 4. Click 'Save a copy' to save the cropped video.

Update: 10 Jul 2024

Close All Windows download for free to PC or mobile

Latest update Close All Windows download for free for Windows PC or Android mobile

556 reviews

3161 downloads

News and reviews about Close All Windows

02 Jun 2025

Microsoft Resolves Windows 11 Startup Failures in Virtual PCs

Microsoft releases urgent fixes for Windows 11 startup issues in virtual environments due to missing ACPI.sys file. The updates, now available, underline the challenges in maintaining software security.

02 Jun 2025

Windows 11 Update Enhances Gaming Features and Performance

Windows 11's latest update fixes game bugs, boosts performance, and adds innovative features like Click to Do and Cross Device Resume.

02 Jun 2025

Windows Sends Out Emergency Update After System Errors

Microsoft responds to errors in Windows 11 following update KB5058405, issuing a non-security patch KB5062170 to address recovery issues affecting virtual systems.

02 Jun 2025

Windows Users Face Critical Upgrade Decisions Amid Security Risks

Microsoft urges Windows users to upgrade to Windows 11 as Windows 10 support ends soon, warning of security risks. Asus showcases AI advancements in new PCs.

02 Jun 2025

Chromebook Simplicity Stands Out Amidst Windows 11 Challenges

Chromebooks offer a straightforward alternative to Windows 11, especially when users face PC issues. ChromeOS provides ease of use when tackling technology challenges, highlighting Chromebook's advantage in simplicity and performance.

02 Jun 2025

Microsoft Releases Urgent Update for Windows Security Flaw

Microsoft has issued a critical update for Windows users, addressing a security flaw in Windows 13, 2025. This update resolves an ACPI.sys driver issue and includes previous fixes. Users are encouraged to restart devices post-installation for optimal security.