Microsoft urgently patched a critical zero-day vulnerability, CVE-2024-38112, after discovering that threat actors were actively exploiting it to spread malware. This high-severity flaw affects Windows systems and allows attackers to disguise malicious Internet Shortcut (.URL) files as seemingly harmless PDF documents. With a single click, unsuspecting users can trigger the malware payload, making this exploit extremely dangerous.

Hackers Weaponize CVE-2024-38112 in Live Malware Campaigns:

Security researchers at Check Point discovered the exploit during a live campaign run by the “DarkMe” group, which is associated with the Lazarus Group. The attackers deployed malicious ZIP archives that contained.URL files disguised with PDF icons.

When victims clicked the fake PDF icon, the.URL file triggered a hidden HTML application (HTA), effectively bypassing Windows security prompts. This process launched malware designed to either steal sensitive data or provide remote access to the attackers.

The attackers exploited flaws in the Windows Shell design to silently deliver malicious code through shortcut files without triggering any security warnings.

Windows Users Urged to Install Emergency Security Fix:

Microsoft confirmed the bug and addressed it in the July 2025 Patch Tuesday update. The company urged all Windows users to install the latest updates immediately to block ongoing attacks.

The update modifies how Windows processes Internet Shortcut files and limits HTA execution paths to stop deceptive delivery methods.

Since attackers are actively exploiting CVE-2024-38112 using familiar file types to trick users, Microsoft emphasized the urgent need for individuals and businesses to apply the patch without delay.

[embedpost slug=”microsoft-ends-25-year-operations-in-pakistan/”]