Windows MSHTML zero-day used in malware attacks for over a year
July 10, 2024 at 12:08PM Microsoft fixed a Windows zero-day vulnerability (CVE-2024-38112) used to exploit Internet Explorer and launch malicious scripts. Threat actors distributed Windows Internet Shortcut Files to spoof legitimate-looking files, tricking users into downloading and running HTA files disguised as PDFs. The flaw is fixed in July 2024 Patch Tuesday updates, directing mhtml: … Read more