Internet Explorer Exploited in New Cyberattack: Urgent Action Required for Windows Users

Cybersecurity researchers have uncovered a new vulnerability, CVE-2024-38112, exploiting the retired Internet Explorer browser. Attackers use Windows Internet Shortcut files to direct users to malicious URLs opened with Internet Explorer, bypassing the security of modern browsers like Chrome and Edge. Additionally, users are tricked into downloading harmful .hta applications disguised as PDFs.

Key Details:

Exploit Method: Internet Explorer and malicious .hta files.

Vulnerability: Added to CISA's Known Exploited Vulnerabilities Catalog.

Impact: Affects over 10% of Windows 10 and 11 devices lacking protection and patch management.

The Attack Techniques

Internet Shortcut Files: Attackers send files that, when clicked, use Internet Explorer to open a URL with a hidden malicious payload. This method exploits the lesser security of the retired browser, making it easier for attackers to execute their code on the victim's device.

Deceptive File Types: Another tactic involves tricking users into believing they are opening a harmless PDF file. Instead, they download and run a .hta application, which is a type of HTML executable file that can perform various malicious actions on the system.

Urgency and Response

The Cybersecurity and Infrastructure Security Agency (CISA) has classified this as a high-severity vulnerability, giving it a score of 7.5 due to its active exploitation. CISA has mandated that all federal agencies update or secure their Windows systems by July 30, 2024.

Despite Microsoft issuing a patch on July 9, 2024, research indicates that many systems remain vulnerable. Of the roughly 500,000 endpoints running Windows 10 and 11, more than 10% lack endpoint protection, and almost 9% do not have patch management controls. This creates significant blind spots for potential exploitation.

Organizations and individuals must take immediate steps to secure their systems:

Apply the Latest Patches: Ensure all systems are updated with the latest security patches from Microsoft.

Disable Internet Explorer: Where possible, disable Internet Explorer and encourage the use of more secure browsers like Edge or Chrome.

Educate Users: Train users to recognize and avoid phishing attempts and suspicious file downloads.

Strengthen Security Posture: Implement robust endpoint protection and patch management solutions to close potential security gaps.

Conclusion

The exploitation of this vulnerability underscores the need for vigilance in cybersecurity practices. Organizations must act swiftly to mitigate risks and protect their systems from emerging threats. As attackers continue to find new ways to exploit outdated software, staying updated with the latest security measures is crucial for safeguarding sensitive information.