Hackers exploits Internet Explorer zero-day vulnerability

According to Google’s Threat Analysis Group, North Korean state-sponsored hackers used a previously unknown zero-day vulnerability in Internet Explorer known as CVE-2022-41128 (CVSS score of 8.8) in one of Windows JavaScript scripting languages, JScript9, the JavaScript engine used in IE11, to target South Korean users with malware.

The flaw affected Windows 7 through Windows 11, as well as Windows Server 2008 until 2022.

According to a report from Google’s Threat Analysis Group (TAG) on Wednesday, researchers notified Microsoft about CVE-2022-41128 and the issue was patched “within a few hours.”

“This vulnerability requires that a user with an affected version of Windows accesses a malicious server. An attacker would have to host a specially crafted server share or website,” Microsoft warned at the time. Adding that an attacker would need to entice the intended victim into visiting a specially crafted server share or website to trigger the exploit.

Because Office renders HTML content using IE, the attackers distributed the IE exploit in an Office document. Because, even if Chrome is set as the default, Office defaults to the IE engine when it contacts HTML or web content, IE exploits have been delivered via Office since 2017.

After opening the document, an unknown payload would be delivered after downloading a rich text file (RTF) remote template that would render remote HTML using Internet Explorer. Despite the fact that Internet Explorer was officially retired in June and replaced by Microsoft Edge, Office continues to use the IE engine to execute the JavaScript that allows the attack.

The sources for this piece include an article in ZDNet.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web