Hackers have found a way to exploit Internet Explorer to attack Windows PCs, despite Microsoft having disabled the browser in Windows 10 and 11. A cybersecurity report from Check Point details how hackers use Windows Internet Shortcut files with the .url extension to summon Internet Explorer. This outdated browser can then be used to download malware onto a victim’s computer.
The tactic involves tricking users into opening booby-trapped shortcut files disguised as PDFs. Once opened, Internet Explorer downloads a malicious program as a .hta file. Unlike modern browsers like Edge, which block .hta downloads, Internet Explorer only shows a warning that users can easily ignore.
Check Point researcher Haifei Li noted that the malicious .url samples date back to January 2023, indicating the technique has been used for over a year. The major concern is that Internet Explorer no longer receives security updates, making it vulnerable to unpatched exploits.
Fortunately, Microsoft has released a patch to prevent shortcut files from triggering Internet Explorer. Users are advised to be cautious with .url files from untrusted sources and ensure their systems are up to date with the latest security patches.
