Windows 10 users must check their settings to block scary new threat


Anyone with a Windows 10 or Windows 11 PC would be wise to check for the latest software update from Microsoft. A recent patch from the US technology giant has just been released that fixes a worrying flaw that could give hackers access to personal data held on devices. The bug, which was first spotted by the team at Check Point Research (CPR), uses a crafty trick that attacks PCs via dormant Internet Explorer (IE) software.

Although most people don’t use this ageing web browsing tool anymore the platform is often still hidden within the operating system.

Hackers have worked out that they simply need to send out a normal-appearing PDF file – via fake emails – which contains special Windows Internet Shortcut files.

Once clicked these then secretly call on the retired Internet Explorer (IE) to visit the attacker-controlled URL.

“Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution,” Check Point explained.

“By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.

“These exploitation tricks – which have been actively used in the wild for at least one year, work on the latest Windows 10/11 operating systems.”

It’s thought this type of attack has been taking place since early last year although it’s currently unclear how many users may have been infected.

Luckily, as long as your PC is updated the bug will be blocked and hackers will no longer be able t to take advantage.

“CPR disclosed the vulnerability to Microsoft in May 2024; Microsoft published patches on 9 July 2024,” Check Point added.

Microsoft has marked the update, named CVE-2024-38112, as important so you should install the latest system software as soon as you can.

“Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgements for more information,” the Redmond firm said in its notes.



Source link

Leave a Reply

Back To Top