“Internet Explorer (IE) officially ended support on June 15, 2022,” the researchers explained. “Additionally, IE has been officially disabled in recent versions of Windows 10, including all versions of Windows 11. Disabling, however, does not mean that IE has been removed from the system. Remnants of IE exist in the modern Windows operating system, although they are not accessible to the average user.”
Parts of IE that still exist in Windows continue to receive security updates, but users cannot easily open the user interface. For browsing activities that require IE compatibility, Microsoft offers an IE mode for Edge, which mimics the features of IE but operates within the robust and modern security sandbox of Microsoft Edge.
Similar way to use mhtml:[URL]l!x-usc:[URL] links to invoke the MHTML protocol handler were used to exploit a different vulnerability in 2021 tracked as CVE-2021-40444. Well, in that case, the trick was used in Word documents, but this is the first time it was seen in Windows shortcut files.
Source link