Hackers have found a vulnerability in Windows to attack through the long-outdated and disabled Internet Explorer browser, despite Microsoft’s security measures. To do this, they use files with .url and .hta shortcuts. If the user confirms that they are opened, malware is immediately downloaded to their computer.
Cybersecurity experts from Check Point have discovered a new attack scheme on computers running Windows 10 and Windows 11 that exploits a vulnerability in the outdated Internet Explorer browser. reports PCMag Even though Microsoft officially stopped supporting Internet Explorer and permanently disabled it from its operating system last year, hackers have found a way to install malware through it.
Check Point researcher Haifei Li revealedthat attackers use Windows shortcut files with the .url extension, which can be configured to call Internet Explorer. Let’s say right away that this method will not allow you to bypass the modern protection system present in newer browsers such as Chrome or Edge.
The attack is especially effective when using phishing emails or malicious attachments. Lee found that hackers disguise shortcuts as PDF files. When such a shortcut is opened, Internet Explorer downloads the malware as an .hta file if the user confirms all the prompts.
Will Dorman, a security expert, noted that modern browsers block the download of .hta files, while Internet Explorer only displays a text warning that users can easily ignore if they don’t know better. What’s especially dangerous is that Microsoft has stopped releasing security updates for Internet Explorer, allowing hackers to exploit unpatched vulnerabilities through the browser.
Check Point research has shown that these attacks have been going on since at least January 2023. The good news is that Microsoft has released a patch in response to the vulnerability that prevents Internet Explorer from being launched via file shortcuts. The experts also recommend that Windows users be especially careful when working with files with .url extensions obtained from untrusted sources.
If you notice an error, select it with your mouse and press CTRL+ENTER.