Check Point finds Windows MSHTML zero-day

July 12 – Check Point Software Technologies has provided new information about CVE-2024-38112, a Windows zero-day flaw that was fixed in this week’s Patch Tuesday release. The flaw may have been exploited for more than a year before it was patched.

Vulnerability details

CVE-2024-38112 is a spoofing vulnerability in the MSHTML platform. The vulnerability received a CVSS score of 7.5 and is known to have been exploited in the wild.

According to a Microsoft advisory, to exploit the flaw, a cyber criminal would need to send a victim a malicious file that the victim would then have to open.

“Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL,” principal vulnerability researcher Haifei Li explained.

“By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.”

Patch installation

This vulnerability affects all hosts running Windows Server 2008 R2 and later, including clients.

Because this vulnerability is being exploited in the wild, it should be prioritized in terms of patching. Organizations that have installed the update are protected.
