Security News > 2024 > February > Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.
CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.
In short, victims were tricked into downloading a file they believed to be a photo, but was actually a malicious Internet Shortcut file, which pointed to another internet shortcut file which contained the logic to exploit a previously patched Microsoft Defender SmartScreen bypass vulnerability.
CVE-2024-21351 is bypass of the Windows SmartScreen security feature that can be similarly exploited to deliver malware, after convincing prospective victims to open a booby-trapped file.
"Windows uses Mark-of-the-Web to distinguish files that originate from an untrusted location. SmartScreen bypasses in Windows Defender allow attackers to evade this inspection and run code in the background," noted Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative.
Finally, there's CVE-2024-21413, a remote code execution vulnerability affecting Microsoft Office, which may allow attackers to bypass the Office Protected View and open a file in editing mode.
News URL
https://www.helpnetsecurity.com/2024/02/13/cve-2024-21412-cve-2024-21351/
Related news
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047) (source)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |
| 2024-02-13 | CVE-2024-21412 | Unspecified vulnerability in Microsoft products Internet Shortcut Files Security Feature Bypass Vulnerability | 8.1 |
| 2024-02-13 | CVE-2024-21351 | Code Injection vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |