Check Point Research (CPR) has uncovered a critical zero-day spoofing attack targeting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser’s retirement. Known as CVE-2024-38112, this vulnerability enables attackers to remotely execute code by luring users into opening malicious Internet Shortcut (.url) files. This attack has been active for over a year and has the potential to impact a large number of users.
Deceptive Tactics and Exploitation
The exploit involves deceiving users into clicking on .url files that force Internet Explorer to navigate to a harmful URL without their knowledge. Attackers have devised a sophisticated method to disguise the malicious .hta extension, taking advantage of Internet Explorer’s outdated security protocols to compromise systems running updated Windows operating systems.
Historically, .url files have been a common attack vector, with recent vulnerabilities such as CVE-2023-36025, which was patched in November, utilizing similar tactics. Despite Microsoft’s transition to the more secure Edge browser and users increasingly favoring Google Chrome, this exploit targets the remaining vulnerabilities in Internet Explorer.
How the Attack Works
The attack operates by tricking victims into believing they are opening a PDF file, only to redirect them to a website controlled by the attacker via Internet Explorer. This allows attackers to employ additional deceptive techniques to execute malicious code.
To protect against such threats, it is crucial to exercise caution when clicking on links and always ensure that your Windows system is fully up to date.
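A defensive triage sketch for the lure described above, added here as an example and not taken from Check Point's research or from Microsoft: it parses an Internet Shortcut body and flags a URL= target whose scheme is outside an http/https allowlist, and it flags file names in which a document extension sits in front of the real .hta or .url extension. The allowlist, the decoy-extension list, the function names and the sample inputs are assumptions constructed for illustration.

```python
import configparser
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: all a benign web shortcut needs
DECOY_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # assumption: document lures
RISKY_EXTS = (".hta", ".url")         # the two file types this article names


def shortcut_findings(body: str) -> list[str]:
    """Return the reasons an Internet Shortcut (.url) body deserves review."""
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       delimiters=("=",))
    try:
        parser.read_string(body)
        target = parser.get("InternetShortcut", "URL").strip()
    except configparser.Error:  # missing section header, section or URL key
        return ["no parsable [InternetShortcut] URL entry"]
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return [f"URL scheme '{scheme}' is outside the allowlist"]
    return []


def filename_findings(name: str) -> list[str]:
    """Flag names whose real (last) extension hides behind a document one."""
    lowered = name.lower()
    stem = lowered.rpartition(".")[0]
    findings = []
    if lowered.endswith(RISKY_EXTS) and any(ext in stem for ext in DECOY_EXTS):
        findings.append("document extension precedes the real extension")
    if re.search(r"\s{3,}", name):  # long padding can hide what follows it
        findings.append("run of whitespace padding in the name")
    return findings


# Constructed samples: not taken from any real campaign.
BENIGN = "[InternetShortcut]\nURL=https://example.test/docs/report.pdf\n"
SUSPECT = "[InternetShortcut]\nURL=example-handler:http://example.test/x\nIconIndex=1\n"
PADDED_NAME = "invoice.pdf" + " " * 20 + ".hta"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, shortcut_findings(body))
    for name in ("report.pdf", "Book.pdf.url", PADDED_NAME):
        print(repr(name), filename_findings(name))
```

Run over a mail gateway's attachment store or a downloads folder, a check like this produces a review queue, not a verdict; legitimate shortcuts with other schemes will also appear in it.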