Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Zero-Day No More: Microsoft Finally Patches 18-Month-Old Windows Flaw Exploited by Hackers
Microsoft fixed a high-severity Windows zero-day vulnerability (CVE-2024-38112) exploited for 18 months, which allowed attackers to bypass security features using malicious scripts. The flaw, involving MHTML spoofing, was patched in July 2024. Internet Explorer’s lingering presence was key to this exploit, despite its supposed retirement.
Hot Take:
Internet Explorer: the browser that just won’t die, and neither will its vulnerabilities. Thanks for the nostalgia trip, Microsoft, but we didn’t need a side of malware with it!
Key Points:
- Microsoft fixed the CVE-2024-38112 zero-day vulnerability in July 2024.
- The flaw, actively exploited for 18 months, allowed attackers to launch malicious scripts bypassing built-in security features.
- Threat actors leveraged Internet Shortcut Files to spoof legitimate-looking files and distribute password-stealing malware.
- Internet Explorer’s outdated MHTML technology was the vector for these attacks.
- Microsoft’s patch now directs MHTML links to open in Edge instead of Internet Explorer.
Already a member? Log in here