Hackers exploits Internet Explorer zero-day vulnerability

Share post:

According to Google’s Threat Analysis Group, North Korean state-sponsored hackers used a previously unknown zero-day vulnerability in Internet Explorer known as CVE-2022-41128 (CVSS score of 8.8) in one of Windows JavaScript scripting languages, JScript9, the JavaScript engine used in IE11, to target South Korean users with malware.

The flaw affected Windows 7 through Windows 11, as well as Windows Server 2008 until 2022.

According to a report from Google’s Threat Analysis Group (TAG) on Wednesday, researchers notified Microsoft about CVE-2022-41128 and the issue was patched “within a few hours.”

“This vulnerability requires that a user with an affected version of Windows accesses a malicious server. An attacker would have to host a specially crafted server share or website,” Microsoft warned at the time. Adding that an attacker would need to entice the intended victim into visiting a specially crafted server share or website to trigger the exploit.

Because Office renders HTML content using IE, the attackers distributed the IE exploit in an Office document. Because, even if Chrome is set as the default, Office defaults to the IE engine when it contacts HTML or web content, IE exploits have been delivered via Office since 2017.

After opening the document, an unknown payload would be delivered after downloading a rich text file (RTF) remote template that would render remote HTML using Internet Explorer. Despite the fact that Internet Explorer was officially retired in June and replaced by Microsoft Edge, Office continues to use the IE engine to execute the JavaScript that allows the attack.

The sources for this piece include an article in ZDNet.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways