Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

On February 2024 Patch Tuesday, Microsoft delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.
CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.
In short, victims were tricked into downloading a file they believed to be a photo but that was actually a malicious Internet Shortcut file. It pointed to a second Internet Shortcut file, which contained the logic to exploit a previously patched Microsoft Defender SmartScreen bypass vulnerability.
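The shortcut-to-shortcut chain described above can be checked for when triaging downloaded `.url` files. The following Python is an added example, not code from the article or from Microsoft; the sample files, the `.test` host names and the image-name heuristic are assumptions constructed for illustration.

```python
from pathlib import PurePath
from urllib.parse import unquote, urlparse

# Assumption: extensions a lure might carry before ".url" to pose as a photo.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}

# Constructed sample files (name -> content); hosts use the reserved .test TLD.
SAMPLES = {
    "holiday.jpeg.url": "[InternetShortcut]\nURL=https://cdn.example.test/gallery/stage2.url\nIconIndex=0\n",
    "vendor-portal.url": "[InternetShortcut]\nURL=https://portal.example.test/login\n",
}

def shortcut_target(text):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # INI names are case-insensitive
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None

def triage(name, text):
    """Return a list of findings for one Internet Shortcut file."""
    target = shortcut_target(text)
    if target is None:
        return ["no URL= entry under [InternetShortcut]"]
    try:
        path = urlparse(target).path
    except ValueError:                              # malformed URL: fall back to raw text
        path = target
    findings = []
    # A shortcut whose target is itself a shortcut matches the chain in the report.
    if unquote(path).replace("\\", "/").lower().endswith(".url"):
        findings.append("target is another Internet Shortcut: " + target)
    # "photo.jpeg.url": the extension hidden in front of .url poses as an image.
    inner_ext = PurePath(PurePath(name).stem).suffix.lower()
    if inner_ext in IMAGE_EXTS:
        findings.append("file name poses as an image (" + inner_ext + ")")
    return findings

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", triage(name, text) or "no findings")
```
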
CVE-2024-21351 is a bypass of the Windows SmartScreen security feature that can be similarly exploited to deliver malware after convincing prospective victims to open a booby-trapped file.
"Windows uses Mark-of-the-Web to distinguish files that originate from an untrusted location. SmartScreen bypasses in Windows Defender allow attackers to evade this inspection and run code in the background," noted Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative.
Finally, there's CVE-2024-21413, a remote code execution vulnerability affecting Microsoft Office, which may allow attackers to bypass the Office Protected View and open a file in editing mode.
News URL
https://www.helpnetsecurity.com/2024/02/13/cve-2024-21412-cve-2024-21351/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 0.0 |
2024-02-13 | CVE-2024-21412 | Unspecified vulnerability in Microsoft products Internet Shortcut Files Security Feature Bypass Vulnerability | 0.0 |
2024-02-13 | CVE-2024-21351 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 0.0 |