Actively Exploited MHTML Zero-day Fixed By Microsoft

Microsoft addressed a Windows zero-day vulnerability that had been exploited in attacks for eighteen months to execute malicious scripts, circumventing built-in security measures. The vulnerability, identified as CVE-2024-38112, involves high-severity MHTML spoofing and was patched in the July 2024 Patch Tuesday updates. Haifei Li of Check Point Research discovered the vulnerability and reported it to Microsoft in May 2024. According to Li's report, samples exploiting this flaw have been identified as early as January 2023. Read more...