Express. Home of the Daily and Sunday Express.
A scary new Windows threat has been discovered that could leave your PC at risk of cyber attacks.
By David Snelling, Technology Editor
Windows 10 update fixes scary new bug (Image: MICROSOFT)
Anyone with a Windows 10 or Windows 11 PC would be wise to check for the latest software update from Microsoft. A recent patch from the US technology giant has just been released that fixes a worrying flaw that could give hackers access to personal data held on devices. The bug, which was first spotted by the team at Check Point Research (CPR), uses a crafty trick that attacks PCs via dormant Internet Explorer (IE) software.
Related articles
- New Microsoft update shows end of Windows 10 may have started early
- Microsoft puts Windows 11 users on notice: upgrade now or your PC isn’t secure
Although most people don't use this ageing web browsing tool anymore the platform is often still hidden within the operating system.
Hackers have worked out that they simply need to send out a normal-appearing PDF file - via fake emails - which contains special Windows Internet Shortcut files.
Once clicked these then secretly call on the retired Internet Explorer (IE) to visit the attacker-controlled URL.
Microsoft introduces Windows 11 in 2021
"Check Point Research recently discovered that threat actors have been using novel (or previously unknown) tricks to lure Windows users for remote code execution," Check Point explained.
"By opening the URL with IE instead of the modern and much more secure Chrome/Edge browser on Windows, the attacker gained significant advantages in exploiting the victim’s computer, although the computer is running the modern Windows 10/11 operating system.
"These exploitation tricks – which have been actively used in the wild for at least one year, work on the latest Windows 10/11 operating systems."
It's thought this type of attack has been taking place since early last year although it's currently unclear how many users may have been infected.
Trending
Luckily, as long as your PC is updated the bug will be blocked and hackers will no longer be able t to take advantage.
"CPR disclosed the vulnerability to Microsoft in May 2024; Microsoft published patches on 9 July 2024," Check Point added.
Microsoft has marked the update, named CVE-2024-38112, as important so you should install the latest system software as soon as you can.
"Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgements for more information," the Redmond firm said in its notes.
Invalid email
We use your sign-up to provide content in ways you've consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. Read our Privacy Policy
Microsoft
IPSO Regulated Copyright ©2024 Express Newspapers. "Daily Express" is a registered trademark. All rights reserved.
