Microsoft Patches Year-Long Internet Explorer Vulnerability Exploited by Cybercriminals

The zero-day flaw in the MSHTML engine allowed attackers to execute malicious code on Windows 10 and 11 systems.

The vulnerability, CVE-2024-38112, was exploited since January 2023 before being fixed in July 2024.
Attackers used deceptive PDF-like files to trick users into running harmful scripts.
The flaw had a severity rating of 7.0 and required user interaction to be exploited.
Microsoft's patch removes the ability to open malicious URLs in Internet Explorer.
Check Point researchers were the first to identify and report the vulnerability.