A new FileFix attack exploits browser handling of saved HTML webpages to execute malicious scripts without triggering Windows’ Mark of the Web protection. Attackers use social engineering to trick victims into saving and renaming HTML or HTA files, which run embedded scripts through mshta.exe, bypassing security warnings. #FileFix #mshta.exe
Keypoints
- The attack exploits how browsers process saved HTML pages to bypass security protections.
- Victims are tricked into saving a webpage and renaming it as an HTA file using social engineering.
- HTA files can execute embedded scripts without warnings via the mshta.exe utility.
- Saving HTML files as “Webpage, Complete” prevents the Mark of the Web from being applied.
- Disabling mshta.exe and enabling file extension visibility can help prevent this attack.
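
Because a file saved and renamed this way carries no Mark of the Web, the MotW warning cannot be relied on, and a defender can instead watch for mshta.exe opening a local .hta file. The Python triage below is an added example, not part of the original page: the event records are constructed, their field names are modelled on Sysmon Event ID 1, and the severity rule (user folder plus explorer.exe parent) is an assumption.

```python
import ntpath
import re

# Constructed process-creation records (field names modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" "C:\Users\alice\Downloads\saved_page.hta"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\Downloads\notes.hta',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\SysWOW64\MSHTA.EXE",
     "CommandLine": r"mshta.exe C:\ProgramData\Vendor\setup.hta",
     "ParentImage": r"C:\Program Files\Vendor\installer.exe"},
]

# A quoted or bare command-line argument ending in .hta
HTA_ARG = re.compile(r'"([^"]+\.hta)"|(\S+\.hta)\b', re.IGNORECASE)
# Folders a user would typically save a webpage into (assumed list).
USER_DIR = re.compile(r"^[a-z]:\\users\\[^\\]+\\(downloads|desktop|documents)\\",
                      re.IGNORECASE)

def hta_target(command_line):
    """Return the .hta path passed on the command line, or None."""
    m = HTA_ARG.search(command_line)
    return (m.group(1) or m.group(2)) if m else None

def classify(event):
    """Return 'high', 'review' or None for one process-creation event."""
    if ntpath.basename(event["Image"]).lower() != "mshta.exe":
        return None  # .hta opened by something other than mshta.exe does not run
    target = hta_target(event["CommandLine"])
    if target is None:
        return None
    from_user_dir = bool(USER_DIR.match(target))
    # explorer.exe as parent indicates the user double-clicked the file.
    from_explorer = ntpath.basename(event["ParentImage"]).lower() == "explorer.exe"
    return "high" if (from_user_dir and from_explorer) else "review"

def triage(events):
    """Return (severity, hta_path) for every event that matches."""
    return [(classify(e), hta_target(e["CommandLine"])) for e in events if classify(e)]

if __name__ == "__main__":
    for severity, path in triage(SAMPLE_EVENTS):
        print(severity, path)
```
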