{"id":56536,"date":"2024-07-11T13:58:25","date_gmt":"2024-07-11T13:58:25","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36093\/Threat-Actors-Exploited-Windows-0-Day-For-More-Than-A-Year-Before-Microsoft-Fixed-It.html"},"modified":"2024-07-11T13:58:25","modified_gmt":"2024-07-11T13:58:25","slug":"threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/","title":{"rendered":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/06\/malware-800x451.jpg\" alt=\"Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2024\/07\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">65<\/span> <\/a> <\/aside>\n<p> <!-- cache hit 12:single\/related:0492dea81e3cd4618dcd02aa43774c95 --><!-- empty --><\/p>\n<p>Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday.<\/p>\n<p>The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft <a href=\"https:\/\/blogs.windows.com\/windowsexperience\/2022\/06\/15\/internet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know\/\">decommissioned<\/a> in 2022 after its aging code base made it increasingly susceptible to exploits. Following the move, Windows made it difficult, if not impossible, for normal actions to open the browser, which was first introduced in the mid-1990s.<\/p>\n<h2>Tricks old and new<\/h2>\n<p>Malicious code that exploits the vulnerability dates back to at least January 2023 and was circulating as recently as May this year, according to the researchers who discovered the vulnerability and reported it to Microsoft. The company <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-38112\">fixed<\/a> the vulnerability, tracked as CVE-2024-CVE-38112, on Tuesday as part of its monthly patch release program. The vulnerability, which resided in the MSHTML engine of Windows, carried a severity rating of 7.0 out of 10.<\/p>\n<p>The researchers from security firm Check Point said the attack code executed \u201cnovel (or previously unknown) tricks to lure Windows users for remote code execution.\u201d A link that appeared to open a PDF file appended a .url extension to the end of the file, for instance, Books_A0UJKO.pdf.url, found in one of the <a href=\"https:\/\/www.virustotal.com\/gui\/file\/c9f58d96ec809a75679ec3c7a61eaaf3adbbeb6613d667257517bdc41ecca9ae\/details\">malicious code samples<\/a>.<\/p>\n<p>When viewed in Windows, the file showed an icon indicating the file was a PDF rather than a .url file. Such files are designed to open an application specified in a link.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/disguised-url-file.png\" class=\"enlarge\" data-height=\"1058\" data-width=\"1446\" alt=\"Screenshot showing a file named Books_A0UJKO.pdf. The file icon indicates it's a PDF.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot showing a file named Books_A0UJKO.pdf. The file icon indicates it's a PDF.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/disguised-url-file-640x468.png\" width=\"640\" height=\"468\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/disguised-url-file-1280x937.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/disguised-url-file.png\" class=\"enlarge-link\" data-height=\"1058\" data-width=\"1446\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot showing a file named Books_A0UJKO.pdf. The file icon indicates it&#8217;s a PDF.<\/div>\n<div class=\"caption-credit\">Check Point<\/div>\n<\/figcaption><\/figure>\n<p>A link in the file made a call to msedge.exe, a file that runs Edge. The link, however, incorporated two attributes\u2014mhtml: and !x-usc:\u2014an \u201cold trick\u201d threat actors have been using for years to cause Windows to open applications such as MS Word. It also included a link to a malicious website. When clicked, the .url file disguised as a PDF opened the site, not in Edge, but in Internet Explorer.<\/p>\n<p>\u201cFrom there (the website being opened with IE), the attacker could do many bad things because IE is insecure and outdated,\u201d Haifei Li, the Check Point researcher who discovered the vulnerability, wrote. \u201cFor example, if the attacker has an IE zero-day exploit\u2014which is much easier to find compared to Chrome\/Edge\u2014the attacker could attack the victim to gain remote code execution immediately. However, in the samples we analyzed, the threat actors didn\u2019t use any IE remote code execution exploit. Instead, they used another trick in IE\u2014which is probably not publicly known previously\u2014to the best of our knowledge\u2014to trick the victim into gaining remote code execution.\u201d<\/p>\n<p>IE would then present the user with a dialog box asking them if they wanted to open the file masquerading as a PDF. If the user clicked \u201copen,\u201d Windows presented a second dialog box displaying a vague notice that proceeding would open content on the Windows device. If users clicked \u201callow,\u201d IE would load a file ending in .hta, an extension that causes Windows to open the file in Internet Explorer and run embedded code.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/IE-window-and-dialog-box.jpg\" class=\"enlarge\" data-height=\"878\" data-width=\"2102\" alt=\"Screenshot showing open IE window and IE-generated dialog box asking to open Books_A0UJKO.pdf file.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot showing open IE window and IE-generated dialog box asking to open Books_A0UJKO.pdf file.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/IE-window-and-dialog-box-640x267.jpg\" width=\"640\" height=\"267\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/IE-window-and-dialog-box-1280x535.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/IE-window-and-dialog-box.jpg\" class=\"enlarge-link\" data-height=\"878\" data-width=\"2102\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot showing open IE window and IE-generated dialog box asking to open Books_A0UJKO.pdf file.<\/div>\n<div class=\"caption-credit\">Check Point<\/div>\n<\/figcaption><\/figure>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/open-content-dialog-box.jpg\" class=\"enlarge\" data-height=\"912\" data-width=\"1508\" alt=\"Screenshot of IE Security box asking if user wants to &quot;open web content&quot; using IE.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Screenshot of IE Security box asking if user wants to &quot;open web content&quot; using IE.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/open-content-dialog-box-640x387.jpg\" width=\"640\" height=\"387\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/open-content-dialog-box-1280x774.jpg 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2024\/07\/open-content-dialog-box.jpg\" class=\"enlarge-link\" data-height=\"912\" data-width=\"1508\">Enlarge<\/a> <span class=\"sep\">\/<\/span> Screenshot of IE Security box asking if user wants to &#8220;open web content&#8221; using IE.<\/div>\n<div class=\"caption-credit\">Check Point<\/div>\n<\/figcaption><\/figure>\n<p>\u201cTo summarize the attacks from the exploitation perspective: the first technique used in these campaigns is the \u201cmhtml\u201d trick, which allows the attacker to call IE instead of the more secure Chrome\/Edge,\u201d Li wrote. \u201cThe second technique is an IE trick to make the victim believe they are opening a PDF file, while in fact, they are downloading and executing a dangerous .hta application. The overall goal of these attacks is to make the victims believe they are opening a PDF file, and it is made possible by using these two tricks.\u201d<\/p>\n<p>The Check Point post includes cryptographic hashes for six malicious .url files used in the campaign. Windows users can use the hashes to check if they have been targeted.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36093\/Threat-Actors-Exploited-Windows-0-Day-For-More-Than-A-Year-Before-Microsoft-Fixed-It.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56537,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[5540],"class_list":["post-56536","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftflawpatch"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-11T13:58:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/06\/malware-800x451.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It\",\"datePublished\":\"2024-07-11T13:58:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/\"},\"wordCount\":710,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg\",\"keywords\":[\"headline,hacker,microsoft,flaw,patch\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/\",\"name\":\"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg\",\"datePublished\":\"2024-07-11T13:58:25+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/07\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg\",\"width\":800,\"height\":451},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,microsoft,flaw,patch\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermicrosoftflawpatch\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/","og_locale":"en_US","og_type":"article","og_title":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-07-11T13:58:25+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/06\/malware-800x451.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It","datePublished":"2024-07-11T13:58:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/"},"wordCount":710,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/07\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg","keywords":["headline,hacker,microsoft,flaw,patch"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/","url":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/","name":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/07\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg","datePublished":"2024-07-11T13:58:25+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/07\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/07\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it.jpg","width":800,"height":451},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/threat-actors-exploited-windows-0-day-for-more-than-a-year-before-microsoft-fixed-it\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,microsoft,flaw,patch","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermicrosoftflawpatch\/"},{"@type":"ListItem","position":3,"name":"Threat Actors Exploited Windows 0-Day For More Than A Year Before Microsoft Fixed It"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56536"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56536\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56537"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56536"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56536"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}