Hackers Exploited Windows MSHTML Vulnerability For Over A Year

Share Tweet Researchers revealed that the recently patched Windows MSHTML vulnerability remained under attack for over a year before Microsoft could fix it. While the vulnerability has now received a patch, it remains crucial for all vulnerable systems to apply the fix and scan their systems for potential infiltration.

According to Check Point Research (CPR), criminal hackers had exploited the recently fixed Windows MSHTML vulnerability for eighteen months. As explained, the exploit worked because of the vulnerable “mhtml” trick that allowed the adversary to call Internet Explorer instead of Microsoft Edge. While Microsoft has replaced the Internet Explorer browser with Microsoft Edge, ending support in 2022, it remains somewhat accessible on Windows 10 systems, where it was available at the time of OS launch. In fact, CPR observed the same behavior with the latest Windows 11 too, which makes even the most recent Windows systems vulnerable to the MSHTML attack. Regarding the exploit, the researchers stated that the attackers used a previously unknown trick to lure users into opening maliciously crafted files. The trick allowed the attackers to create files with .url extension

According to Check Point Research (CPR), criminal hackers had exploited the recently fixed Windows MSHTML vulnerability for eighteen months. As explained, the exploit worked because of the vulnerable “mhtml” trick that allowed the adversary to call Internet Explorer instead of Microsoft Edge. While Microsoft has replaced the Internet Explorer browser with Microsoft Edge, ending support in 2022, it remains somewhat accessible on Windows 10 systems, where it was available at the time of OS launch. In fact, CPR observed the same behavior with the latest Windows 11 too, which makes even the most recent Windows systems vulnerable to the MSHTML attack. Regarding the exploit, the researchers stated that the attackers used a previously unknown trick to lure users into opening maliciously crafted files. The trick allowed the attackers to create files with .url extensions

However, to evade detection, the attackers hid the “.url” extension, making the files appear as PDF files. Clicking the file would open the Internet Explorer browser, downloading an archive with the data-stealing malware from the attacker-controlled web page. While the process would generate several prompts that may alarm a savvy user, an average user may not pay attention to the prompts, eventually falling prey to the attack.

Upon discovering the vulnerability, Check Point Research reported the matter to Microsoft in May 2024. In response, the tech giant patched the vulnerability with the July 2024 Patch Tuesday updates, disclosing the flaw as a zero-day. Though the patch has arrived, the researchers still advise the users to remain cautious when opening .url files from untrusted sources.

References:

https://latesthackingnews.com/2024/07/15/hackers-exploited-windows-mshtml-vulnerability-for-over-a-year/