Hackers Exploited Windows MSHTML Vulnerability For Over A Year

Published

on

Latest Hacking News

Researchers have revealed that the Windows MSHTML vulnerability, which was recently patched, had been under attack for over a year before Microsoft could address it. While a patch has now been released, it is crucial for all vulnerable systems to apply the fix and conduct scans for potential infiltration.

Exploiting Windows MSHTML Vulnerability on Windows 10 and 11

Check Point Research (CPR) has reported that malicious actors exploited the Windows MSHTML vulnerability, now fixed, for a period of eighteen months.

The exploit relied on an “mhtml” trick that let the attacker invoke Internet Explorer instead of Microsoft Edge.

Despite Microsoft’s move to replace Internet Explorer with Microsoft Edge and end support in 2022, the older browser remains accessible on Windows 10 systems, where it was available at the OS launch. CPR noted similar behavior on the latest Windows 11, which poses a risk to even the newest Windows systems.

The researchers detailed how attackers used a novel tactic to entice users into opening maliciously crafted files. By disguising “.url” files as PDF files, the attackers tricked users into triggering Internet Explorer, which led to the download of data-stealing malware from a malicious website.

Although the multiple prompts shown during the attack may raise red flags for savvy users, unsuspecting users may fall victim without noticing the alerts.

For more information on the attack strategy, refer to the researchers’ post.

Microsoft’s Fix for the Vulnerability in July 2024 Patch Tuesday

Upon discovery, Check Point Research promptly notified Microsoft of the vulnerability in May 2024. Microsoft addressed the issue as a zero-day vulnerability in the July 2024 Patch Tuesday updates.

While the patch is now available, users are advised to exercise caution when opening .url files from untrusted sources.
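For defenders who want to review the .url files already on a system, the following added example (not code from Check Point Research or Microsoft) parses Internet Shortcut files and flags the two traits this article describes: a URL that uses the “mhtml” scheme and a file name that imitates a PDF. The function names, the `.pdf.url` naming heuristic and the sample contents are assumptions made for illustration.

```python
import os

# Constructed samples (not taken from the research): one shortcut to flag, one benign.
SAMPLE_SUSPICIOUS = b"[InternetShortcut]\r\nURL=mhtml:http://example.invalid/report\r\n"
SAMPLE_BENIGN = b"[InternetShortcut]\r\nURL=https://example.invalid/news\r\n"

def parse_internet_shortcut(data: bytes) -> dict:
    """Return lower-cased key/value pairs from the [InternetShortcut] section."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):          # UTF-16 BOM
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    fields, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def assess_shortcut(filename: str, data: bytes) -> list:
    """Return the reasons, if any, that a .url file deserves analyst review."""
    reasons = []
    url = parse_internet_shortcut(data).get("url", "")
    if url.lower().startswith("mhtml:"):
        reasons.append("URL uses the mhtml: scheme")
    stem = os.path.splitext(filename)[0].lower()        # name without ".url"
    if stem.endswith(".pdf"):                           # assumed naming heuristic
        reasons.append("file name imitates a PDF")
    return reasons

def scan_tree(root: str) -> dict:
    """Map each flagged .url file under root to its list of reasons."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".url"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    reasons = assess_shortcut(name, fh.read(65536))
            except OSError:
                continue                                # unreadable file: skip
            if reasons:
                hits[path] = reasons
    return hits
```

Calling `scan_tree` on a downloads or mail-attachment folder returns the flagged paths with their reasons; a hit is a lead for review, not proof of compromise.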
