Microsoft Warns of Critical Windows Vulnerability, Update Required by July 30
Microsoft is urging Windows 10 and 11 users to update their systems by July 30 to patch a serious security vulnerability that has been actively exploited for over a year.
Key Points:
- A previously unknown threat exploits dormant Internet Explorer code in Windows 10/11
- The vulnerability allows attackers to bypass modern browser security measures
- US government added it to the Known Exploit Vulnerability catalog
- Patch released, but users must update to be protected
Details of the Vulnerability
Security researchers at CheckPoint and Trend Micro recently uncovered a clever attack that takes advantage of Internet Explorer components still present in modern Windows systems. By using specially crafted shortcut files, attackers can force Windows to use the outdated and insecure Internet Explorer engine instead of modern browsers like Edge or Chrome.
According to CheckPoint, this gives attackers significant advantages in exploiting the victim's computer despite running an up-to-date operating system. Trend Micro reports the vulnerability has already been used to deploy info-stealing malware called Atlantida.
Government Warning
The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability (CVE-2024-38112) to its Known Exploit Vulnerability catalog. CISA warns it has a high impact to confidentiality, integrity, and availability and mandates that federal agencies patch systems by July 30.
Microsoft's Response
Microsoft has acknowledged the issue and released a patch. David Weston, Microsoft's VP for Enterprise and OS Security, stated: Customers who have installed the update are already protected.
However, the company is still working to determine the full scope of affected devices. Initial estimates only accounted for users who reported crashes, potentially underestimating the impact.
What Users Should Do
All Windows 10 and 11 users should ensure their systems are fully updated as soon as possible. Given that this vulnerability has been exploited in the wild for over a year, prompt action is crucial to protect against potential attacks.
Microsoft has also pledged to work with security vendors to reduce reliance on kernel drivers, which were at the heart of a separate recent issue that caused widespread outages.
As the threat landscape continues to evolve, keeping Windows systems updated remains a critical step in maintaining cybersecurity.
Emphasizing the importance of updating Windows systems to enhance cybersecurity as urged by Microsoft |