Microsoft Rushes to Patch Critical Windows Vulnerability Urgent Update Fixes Zero-Day Exploit Used in Ongoing Malware Attacks

 Microsoft Rushes to Patch Critical Windows Vulnerability

Microsoft has released an urgent patch for a high-severity zero-day vulnerability, CVE-2024-38112, after discovering that threat actors were actively exploiting it to spread malware. The flaw affects Windows systems and allows attackers to disguise malicious Internet Shortcut (.URL) files as harmless PDF documents.

The exploit was discovered by security researchers at Check Point in an ongoing campaign attributed to the "DarkMe" group, linked to the Lazarus Group. Attackers used malicious ZIP archives containing .URL files with PDF icons, which, when clicked, launched a hidden HTML application (HTA) and bypassed Windows security prompts. This allowed malware to be activated, potentially stealing sensitive data or granting attackers remote access.

The vulnerability leveraged flaws in Windows Shell design, enabling shortcut files to silently deliver malicious code without triggering security warnings. Microsoft has released a fix in its July 2025 Patch Tuesday update, adjusting how Windows handles Internet Shortcut files and restricting HTA execution paths.

Given the active exploitation of this vulnerability, Microsoft urges all Windows users to install the latest updates immediately to prevent ongoing attacks. The patch is crucial for protecting individuals and businesses from this serious threat.