“Internet Explorer (IE) has officially ended support on June 15, 2022,” the researchers explain. “Additionally, IE has been officially disabled through later versions of Windows 10, including all versions of Windows 11. Disabled, however, does not mean IE was removed from the system. The remnants of IE exist on the modern Windows system, though it is not accessible to the average user.”

The IE components that still exist in Windows continue to receive security updates, but users can’t easily open the browser user interface. For browsing tasks that require IE compatibility, Microsoft offers IE mode for Edge, which mimics IE features but operates inside Microsoft Edge’s strong and modern security sandbox.

The same technique of using mhtml:[URL]l!x-usc:[URL] links to invoke the MHTML protocol handler was used in the exploitation of a different vulnerability in 2021 tracked as CVE-2021-40444. However, in that case, the trick was used in Word documents, but this is the first time seen in Windows shortcut files.