Microsoft Patches Serious Browser Exploit Used To Hack Security Researchers
In January, Google warned security researchers about sneaky social engineering and hacking attempts coming from North Korea. Originally, the Google Threat Analysis Group (TAG) and other researchers found that the North Korean hackers’ blog compromised anyone who visited the website. Now, Microsoft has patched the critical vulnerability that affected the researchers through Internet Explorer and Microsoft Edge.
When TAG announced the researcher attacks earlier this year, several people came forward, explaining that fake researchers had reached out to them to “collaborate” on a project. After spending some time building trust, the malicious hackers asked the researchers to use Internet Explorer to open a webpage that would subsequently download and install a malicious service and backdoor on the system, which contacted a command server owned by the hackers.
The vulnerability, tracked as CVE-2021-26411, was rated 8.8 on the CVSS scale, meaning it was quite dangerous. Microsoft explained in its report that exploiting the vulnerability was ultimately fairly simple using a specially crafted website, but it required user interaction, which likely led to a lower score.
Besides Internet Explorer, Microsoft Edge is also vulnerable to the issue, so anyone concerned about being targeted should download the recent Windows Updates released on Tuesday. Microsoft also patched several other vulnerabilities, so all Windows users should go ahead and update anyhow. Ultimately, it is always good to keep Windows up to date and remain cautious of links and files from unknown parties.