Microsoft has patched a Windows zero-day vulnerability, CVE-2024-38112, that was exploited for 18 months to bypass security features and launch malicious scripts. Discovered by Check Point Research, the flaw allowed threat actors to use Internet Shortcut Files (.url) with the mhtml: URI handler to open URLs in Internet Explorer, downloading HTA files disguised as PDFs. This tactic exploited fewer security warnings in Internet Explorer, leading to the installation of the Atlantida Stealer malware. Microsoft has now fixed the issue by unregistering the mhtml: URI from Internet Explorer, redirecting it to Microsoft Edge instead.