Microsoft has released updates for Windows 10 and 11 to address a critical security flaw that allows hackers to exploit Internet Explorer to install malware on victims’ computers. The attack begins with an email urging recipients to download an attachment. Once the files are opened, Internet Explorer is triggered to download malware disguised as a URL file, making the browser believe it’s opening a harmless PDF.

Although Microsoft has officially designated Internet Explorer as “retired and out-of-support,” and it has been disabled on most systems, the browser is still technically part of Windows. This allows cybercriminals to continue using it as an attack vector. Since Internet Explorer no longer receives updates, it poses a greater security risk than supported browsers like Chrome and Edge. Hackers could exploit this flaw, known as CVE-2024-38113, to gain remote access to a computer, among other potential threats.

The vulnerability was first discovered by the Israeli security firm Check Point, which reported it to Microsoft on May 16th. After the two companies worked closely together, a fix was included in the July ‘Patch Tuesday’ security updates, released on July 9th. These updates are automatically installed on most computers unless IT administrators have disabled automatic updates.