Microsoft Patches Zero-Day Vulnerability in Windows 10 and 11

By Kazuki Tanaka

Windows Vulnerability Exploited by Zero-Day Attack for over a Year

Threat actors took advantage of a zero-day vulnerability in Windows 10 and 11 that allowed them to force devices to open Internet Explorer and execute malicious code. This vulnerability, known as CVE-2024-38112, was patched by Microsoft on July 7, 2024, with a severity rating of 7.0 out of 10. The exploit deceived users into thinking they were opening a PDF file, while it actually launched a .url file that opened Internet Explorer, circumventing the default Edge browser. This method utilized old tricks with attributes like "mhtml:" and "!x-usc:" to call msedge.exe and redirect to a malicious website. Once in Internet Explorer, users were prompted to open a file, ultimately leading to the execution of a .hta file containing embedded malicious code. This sophisticated attack emphasizes the persistent risks associated with legacy software like Internet Explorer, even after its official decommissioning. Prompt system updates and caution towards unexpected file types masquerading as PDFs are crucial for user protection.

Key Takeaways

  • Zero-day attacks exploited a Windows vulnerability for over a year before Microsoft remedied it.
  • The flaw affected Windows 10 and 11, compelling devices to open Internet Explorer, which had been decommissioned by Microsoft.
  • Malicious code utilized inventive tactics to disguise .url files as PDFs, deceiving users into running harmful content.
  • The vulnerability, CVE-2024-38112, obtained a severity rating of 7.0 out of 10 and was rectified in Microsoft's monthly patch release.
  • Users are advised to check for malicious .url files using the provided cryptographic hashes.
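
Where hashes are not to hand, .url files can also be checked for the traits the article describes. The following is an added example, not code from the article or from Microsoft: it parses Internet Shortcut files and flags a `URL` value that uses "mhtml:" or contains "!x-usc:". The file-name heuristic, the function names and the sample files are assumptions made for illustration.

```python
import configparser
import re
from pathlib import Path

# Attribute strings named in the article; compared case-insensitively.
MHTML_PREFIX = "mhtml:"
XUSC_MARKER = "!x-usc:"
# Assumption: the PDF disguise shows up as a document extension before ".url".
DISGUISED_NAME = re.compile(r"\.(pdf|docx?|xlsx?)\.url$", re.IGNORECASE)

# Constructed samples, not real indicators; hosts use the reserved .invalid TLD.
SAMPLE_LURE = ("[InternetShortcut]\n"
               "URL=mhtml:http://a.example.invalid/x!x-usc:http://a.example.invalid/x\n")
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://www.example.invalid/\n"


def inspect_shortcut(name: str, text: str) -> list[str]:
    """Return the reasons a .url Internet Shortcut matches the described lure."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return ["shortcut file could not be parsed"]
    section = next((s for s in parser.sections()
                    if s.lower() == "internetshortcut"), None)
    target = parser.get(section, "url", fallback="").strip().lower() if section else ""
    reasons = []
    if target.startswith(MHTML_PREFIX):
        reasons.append("URL uses the mhtml: handler")
    if XUSC_MARKER in target:
        reasons.append("URL contains !x-usc:")
    if DISGUISED_NAME.search(name):
        reasons.append("document extension in front of .url")
    return reasons


def scan_tree(root: str) -> dict[str, list[str]]:
    """Inspect every .url file under root and return only the flagged ones."""
    flagged = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".url":
            reasons = inspect_shortcut(path.name, path.read_text(errors="replace"))
            if reasons:
                flagged[str(path)] = reasons
    return flagged


if __name__ == "__main__":
    print(inspect_shortcut("invoice.pdf.url", SAMPLE_LURE))
    print(inspect_shortcut("bookmark.url", SAMPLE_BENIGN))
```

Point `scan_tree` at download and mail-attachment directories; a hit is a reason to inspect the file, not proof of compromise.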

Analysis

The exploitation of CVE-2024-38112 underscores the endurance of legacy systems like Internet Explorer. Tangible consequences include compromised user data and potential financial losses for affected individuals and businesses. Indirectly, this incident may hasten the transition towards more secure, modern browsers and intensify scrutiny on software lifecycle management. In the short term, anticipate augmented cybersecurity expenditures and user awareness campaigns. Over the long term, this could instigate more stringent software security standards and more thorough audits of legacy systems.

Did You Know?

  • Zero-day vulnerability:

    • A zero-day vulnerability is a security flaw in software that is unknown to the vendor when it is discovered. Because no patch or fix exists yet, it is a prime target for cyberattacks. In this instance, threat actors exploited the vulnerability in Windows 10 and 11 for over a year prior to Microsoft releasing a patch.
  • CVE-2024-38112:

    • CVE stands for Common Vulnerabilities and Exposures, a repository of publicly known information security vulnerabilities and exposures. CVE-2024-38112 is the identifier assigned to the specific zero-day vulnerability in Windows 10 and 11 that was exploited to compel devices to open Internet Explorer and execute malicious code. The severity rating of 7.0 out of 10 signifies the potential impact and risk associated with this vulnerability.
  • .hta file:

    • An .hta file is an HTML Application, a Microsoft Windows program whose source code consists of HTML, Dynamic HTML, and one or more scripting languages supported by Internet Explorer. These files are capable of running applications or utilities on a computer. In the context of this attack, the .hta file contained embedded malicious code that was triggered once users were deceived into opening it, leading to further compromise of their systems.
