• floofloof@lemmy.ca
    link
    fedilink
    English
    arrow-up
    6
    ·
    5 months ago

    “The threat actor leveraged CVE-2024-38112 to execute malicious code by abusing the MHTML protocol handler and x-usc directives through internet shortcut (URL) files. Using this technique, the threat actor was able to access and run files directly through the disabled Internet Explorer instance on Windows machines,” Trend Micro researchers noted.

    Which Windows machines still have remnants of Internet Explorer on them? Do Windows 11 machines still include a disabled Internet Explorer or core components of Internet Explorer?

    • corsicanguppy@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      I’m gonna say yes. MS are as bad of packrats as anyone else, and every time we look there’s some crusty old stuff in there.

        • floofloof@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          5 months ago

          To be fair, they’re kind of held hostage by users’ long-held expectations of backwards compatibility, and they have made progress over the last few years. No doubt there’s nasty stuff in there still, and recent revelations about the Solar Winds hack show Microsoft has a culture of prioritizing immediate profit over security.