Internet Explorer is still a viable zero-day attack vector

North Korea-backed hacker group APT37 has exploited a previously unknown zero-day vulnerability in Internet Explorer to target individuals in South Korea with malware, according to Google’s Threat Analysis Group. The vulnerability, labeled as CVE-2022-41128, was patched by Microsoft on November 8. The attack vector involved manipulation of a Microsoft Office document, which downloaded remote HTML content.