Microsoft Internet Explorer Archives

Winsage

July 23, 2024

Windows users targeted with zero-day attacks via Internet Explorer

- CVE-2024-38112 is a vulnerability in the Microsoft MSHTML platform, allowing for a spoofing attack using malicious MHTML files. - The vulnerability was addressed in the July 2024 Patch Tuesday release, but remains significant due to delayed updates, legacy systems, and evolving attack techniques. - The Void Banshee group has been actively exploiting this vulnerability to distribute the Atlantida info-stealer, emphasizing the importance of timely security updates and patch management.

Winsage

July 10, 2024

Resurrecting Internet Explorer — the nasty threat impacting potentially millions of Windows 10 and 11 users

Check Point Research has identified a critical zero-day spoofing attack targeting Microsoft Internet Explorer on modern Windows 10/11 systems. The vulnerability, known as CVE-2024-38112, allows attackers to remotely execute code by tricking users into opening malicious Internet Shortcut (.url) files.