Microsoft re-categorizes fixed Trident bug as zero day


“Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL,” explained Li in a July Check Point Research report.

The URLs were used to download a malicious HTA file and prompt the user to open it. Once the file was opened, a script ran to install the Atlantida info-stealer.

These HTA files also exploited CVE-2024-43461 to conceal the .hta file extension, making the file appear to be a PDF when Windows asked users whether it should be opened. Once applied, Microsoft's fix lets Windows show the actual .hta extension, alerting users to the malicious download.
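For defenders who want to catch this kind of disguise in proxy or download logs, the following added example (not code from Microsoft or Check Point) flags file names whose real extension is a script or executable type hidden behind a document-style decoy extension. It assumes the concealment relies on padding between the decoy and the real extension, which the article does not detail; the extension lists, code-point list and sample names are constructed.

```python
import unicodedata
from urllib.parse import unquote

# Constructed lists for illustration; tune them to your environment.
RISKY_EXTS = {".hta", ".js", ".vbs", ".scr", ".exe"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Code points that render as blank but are not classed as whitespace.
BLANK_LOOKING = {"\u2800", "\u3164", "\u115f", "\u1160"}


def is_padding(ch):
    """True for whitespace, control/format characters and blank-looking glyphs."""
    return (ch.isspace() or ch in BLANK_LOOKING
            or unicodedata.category(ch) in ("Cc", "Cf"))


def check_download_name(raw_name):
    """Return (decoy_ext, real_ext, padding_len) if the name is disguised, else None."""
    name = unquote(raw_name).strip()    # names seen in URLs may be percent-encoded
    stem, dot, ext = name.rpartition(".")
    real_ext = (dot + ext).lower()
    if not dot or real_ext not in RISKY_EXTS:
        return None                     # the final extension is not a risky type
    core = stem
    while core and is_padding(core[-1]):
        core = core[:-1]                # peel padding that pushes the real extension out of view
    _, dot2, ext2 = core.rpartition(".")
    decoy_ext = (dot2 + ext2).lower()
    if not dot2 or decoy_ext not in DECOY_EXTS:
        return None                     # risky type, but not dressed up as a document
    return decoy_ext, real_ext, len(stem) - len(core)


if __name__ == "__main__":
    # Constructed sample names, as they might appear in a download log.
    samples = [
        "report.pdf" + "%E2%A0%80" * 10 + ".hta",
        "invoice.pdf.hta",
        "scan.PDF   .HTA",
        "report.pdf",
        "tool.hta",
    ]
    for s in samples:
        print(repr(unquote(s)), "->", check_download_name(s))
```

A hit with a non-zero padding length is the stronger signal; a plain double extension (padding 0) is still worth reviewing.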
