Particle.news
Download on the App Store
3 ARTICLES
·
9mo ago

Microsoft Patches Year-Long Internet Explorer Vulnerability Exploited by Cybercriminals

The zero-day flaw in the MSHTML engine allowed attackers to execute malicious code on Windows 10 and 11 systems.

Overview

  • The vulnerability, CVE-2024-38112, was exploited since January 2023 before being fixed in July 2024.
  • Attackers used deceptive PDF-like files to trick users into running harmful scripts.
  • The flaw had a severity rating of 7.0 and required user interaction to be exploited.
  • Microsoft's patch removes the ability to open malicious URLs in Internet Explorer.
  • Check Point researchers were the first to identify and report the vulnerability.