Microsoft has long begun sunsetting the old and much aligned Internet Explorer browser. Under normal circumstances, users with a PC running an up-to-date Windows version should not even be able to launch it. But recently a report has claimed that cybercriminals have managed to use its infamous lack of security to remotely take over computers.
Security company Check Point reports that the trick behind this is using specific HTML code hidden in a .url file that’s disguised as a PDF file. This way, hackers can trick victims into running said file that forces itself to be opened by Internet Explorer, rather than any of the more modern – and secure – browsers. The silver lining is that anyone falling victim to this has between one and two chances to realise something is wrong before handing control over to the cybercriminal. From the report, it sounds like you’ll also have to be tricked into downloading the infected file in the first place as well.
If all this sounds strange to you – because Microsoft was previously pretty aggressive about removing Internet Explorer from modern versions of Windows (read: 10 and 11) – you’re not alone. That being the case, the report cites a company representative that says that despite IE having been retired, it is “technically speaking” still a part of the Windows OS, and is “not inherently unsafe, as IE is still serviced for security vulnerabilities”.
In any case, the report notes that having notified Microsoft back in May, the company has plugged this security hole with the recent Windows update, released on 9 July. It’s probably a good idea to get it downloaded and installed, lest you fall victim to this unusual, but no less detrimental, security flaw.
(Source: Check Point)
