July has not been a good month for Microsoft in terms of security, leaving countless images of blue screens around the world. The issue was CrowdStrike's, not Microsoft's, but appearances matter. With wall-to-wall outage headlines, it is also easy to forget the actual attack warnings from before the CrowdStrike incident, which suggest that Windows threats lurk in the background. That forgetfulness is dangerous.
Earlier this month, before the blue screen epidemic began, Check Point and Trend Micro warned that Windows 10 and 11 users are exposed to a “previously unknown” threat that exploits a wide-open security hole by cleverly invoking Internet Explorer code buried in the background of hundreds of millions of PCs.
As Check Point warned on July 9, “the attackers used special Windows Internet shortcut files that, when clicked, would invoke the deprecated Internet Explorer (IE) and visit an attacker-controlled URL… By opening the URL in IE instead of the more modern and more secure Chrome/Edge browsers on Windows, the attackers gained a significant advantage in exploiting the victim’s computer, even though it was running the latest Windows 10/11 operating system.”
A few days later, Trend Micro raised the threat level. The vulnerability was “used as a zero-day attack to access and execute files from a disabled Internet Explorer using MSHTML,” the company said. “It installs the Atlantida information stealer on the victim’s machine, which focuses on stealing system information and sensitive data (such as passwords and cookies) from various applications.”
Following Check Point’s disclosure, the U.S. government’s Known Exploited Vulnerabilities catalogue warns users that Windows has a “spoofing vulnerability with significant impact to confidentiality, integrity, and availability.”
The vulnerability has been fixed and users just need to ensure their Windows PCs are updated. Per CISA’s order, US Federal Government employees must apply the updates by July 30 or stop using their PCs. Given the current Windows threat landscape, all other organizations, and even home users, should follow suit. According to Check Point, Trend Micro and CISA, the vulnerability has been found to be exploited in the wild. Even more alarming, Check Point says these attacks have been ongoing for over 12 months.
Microsoft publicly acknowledged in its July update that the vulnerability had been exploited in the wild, saying: “We’d like to thank [Check Point’s] Haifei Li for this research and for responsibly reporting it under coordinated vulnerability disclosure. Customers who installed the update are already protected.”
Check Point said the vulnerability was “particularly alarming… because it exploits Internet Explorer, which many users may not even know is installed on their computers… and is a vulnerability that could affect all Windows users.” Its advice: “Protect yourself by applying Microsoft’s patch immediately.”
Ironically, CVE-2024-38112 isn’t the only Internet Explorer vulnerability that made it onto CISA’s most dangerous list this month. There’s also a specific warning about CVE-2012-4792, an Internet Explorer “use after free” memory vulnerability, despite its end-of-support status. This time, CISA’s instructions are even clearer: “Affected products have reached end of support and should be disconnected if still in use.”
The pre-update risk to PC users is best summed up by Trend Micro, which describes it as “a prime example of how unsupported Windows relics remain an often-overlooked attack surface that can be exploited by threat actors to infect unsuspecting users with ransomware or backdoors, or used as a conduit for other types of malware.”
This month’s Windows outages, whatever their cause, dominated the news cycle. The CrowdStrike issue was painful and costly, but it’s not a cyber threat in itself, although it’s clear that bad actors are taking advantage of the confusion. The silent threat that CISA warned about is just the opposite: you don’t know you’ve been attacked until it’s too late. So make sure you apply the updates if you haven’t already.