For Microsoft, July will not go down as a good month on the security front. Those images of countless blue screens around the world will stick. And while the issue sits with CrowdStrike, not Microsoft, appearances matter. Wall-to-wall outage headlines also make it all too easy to forget the actual Windows threats lurking in the background, threats that were the subject of warnings before CrowdStrike struck. But such forgetfulness can be dangerous.
Earlier this month, before blue screens of death started trending, both Check Point and Trend Micro advised that Windows 10 and 11 users are now at risk from a "previously unknown" threat that cleverly wakens the Internet Explorer code buried under the covers of hundreds of millions of PCs, exploiting wide-open security holes.
As Check Point warned on July 9, "attackers are using special Windows Internet Shortcut files, which, when clicked, call the retired Internet Explorer (IE) to visit the attacker-controlled URL… By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim's computer, although the computer is running the modern Windows 10/11 operating system."
Then just days later, Trend Micro ramped up the threat level, warning that the vulnerability "was used as a zero-day to access and execute files through the disabled Internet Explorer using MSHTML… infect[ing] victim machines with the Atlantida info-stealer, which focuses on pilfering system information and sensitive data (like passwords and cookies) from various applications."
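The lure described above is a Windows Internet Shortcut (.url) file, an INI-style text file whose [InternetShortcut] section carries a URL= line. A shortcut that is supposed to open a web page has no business pointing at anything other than an http or https target, which gives defenders a cheap triage check for mail attachments and downloads. The script below is an added example, not Check Point's or Trend Micro's detection logic; the sample file contents are constructed, and the "flag any non-web scheme" rule is a heuristic of this example, not a signature for the specific files used in the attacks.

```python
"""Triage Windows .url shortcut files by the scheme of their URL= target."""
import configparser
from typing import Optional
from urllib.parse import urlsplit

# A web shortcut should only ever open a web URL (heuristic chosen for this example).
ALLOWED_SCHEMES = {"http", "https"}


def parse_url_shortcut(text: str) -> Optional[str]:
    """Return the URL= value from a .url file body, or None if there is none."""
    # interpolation=None: '%' is common in URLs and must not be treated as a format string.
    # strict=False: tolerate duplicate keys rather than rejecting the whole file.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None  # not parseable as INI: treat as "no usable target"
    for section in cp.sections():
        if section.lower() != "internetshortcut":
            continue
        for key, value in cp.items(section):  # keys are lower-cased by ConfigParser
            if key == "url":
                return value.strip()
    return None


def triage_shortcut(text: str) -> dict:
    """Classify one .url file body. Anything that is not a plain web link is flagged."""
    url = parse_url_shortcut(text)
    if url is None:
        return {"url": None, "scheme": None, "suspicious": True, "reason": "no URL= target"}
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return {"url": url, "scheme": scheme, "suspicious": True,
                "reason": f"non-web scheme {scheme!r}"}
    return {"url": url, "scheme": scheme, "suspicious": False, "reason": ""}


# Constructed sample shortcut bodies (real .url files normally use CRLF line endings).
SAMPLES = {
    "benign.url": "[InternetShortcut]\nURL=https://example.com/report\nIconIndex=0\n",
    "local_file.url": "[InternetShortcut]\nURL=file:///C:/Users/Public/notes.txt\n",
    "no_target.url": "[InternetShortcut]\nIconIndex=3\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict = triage_shortcut(body)
        print(f"{name}: {'FLAG' if verdict['suspicious'] else 'ok  '} {verdict['reason']}")
```

On a real system the same function can be run over every .url file found in mail attachment directories or download folders; the point is that the shortcut's target scheme is visible in plain text before anyone double-clicks it.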
Following Check Point's disclosure, the US government added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning users that Windows has "a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability."
The vulnerability has been patched; users just need to ensure their Windows PCs are updated. CISA's mandate means US federal employees must apply that update by July 30 or stop using their PCs. All other organizations—and even home users—should follow suit given the current Windows threat landscape: per Check Point, Trend Micro and CISA, we know this vulnerability has been exploited in the wild. More alarmingly, Check Point says those attacks have been ongoing for more than 12 months.
Microsoft publicly acknowledged that the vulnerability had been exploited in its July update, telling me "we greatly appreciate [Check Point's] Haifei Li for this research and for responsibly reporting it under a coordinated vulnerability disclosure. Customers who have installed the update are already protected."
Check Point told me the vulnerability was "especially surprising… leveraging Internet Explorer, which many users may not realize is even on their computer… All Windows users [should] immediately apply the Microsoft patch to protect themselves."
Ironically, CVE-2024-38112 isn't the only Internet Explorer vulnerability to make it onto CISA's most-dangerous list this month. CVE-2012-4792 has also just cropped up—a specific warning about a "use after free" Internet Explorer memory vulnerability despite its end-of-life status. This time around, the CISA mandate is even clearer: "The impacted product is end-of-life and should be disconnected if still in use."
The pre-update risk for PC users is best summed up by Trend Micro, which described it as "a prime example of how unsupported Windows relics are an overlooked attack surface that can still be exploited by threat actors to infect unsuspecting users with ransomware, backdoors, or as a conduit for other kinds of malware."
The Windows outage this month—regardless of its cause—swamped the news cycle. While the CrowdStrike issue has been painful and costly, it's not itself a cyber threat—albeit bad actors are now clearly taking advantage of the confusion. The quieter threat per CISA's warning is exactly the opposite; you won't know you've been hit until it's too late. So, make sure you apply the update, if it isn't installed already.