Security News > 2024 > February > Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.
CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.
In short, victims were tricked into downloading a file they believed to be a photo, but was actually a malicious Internet Shortcut file, which pointed to another internet shortcut file which contained the logic to exploit a previously patched Microsoft Defender SmartScreen bypass vulnerability.
CVE-2024-21351 is bypass of the Windows SmartScreen security feature that can be similarly exploited to deliver malware, after convincing prospective victims to open a booby-trapped file.
"Windows uses Mark-of-the-Web to distinguish files that originate from an untrusted location. SmartScreen bypasses in Windows Defender allow attackers to evade this inspection and run code in the background," noted Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative.
Finally, there's CVE-2024-21413, a remote code execution vulnerability affecting Microsoft Office, which may allow attackers to bypass the Office Protected View and open a file in editing mode.
News URL
https://www.helpnetsecurity.com/2024/02/13/cve-2024-21412-cve-2024-21351/
Related news
- Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) (source)
- Microsoft fixes exploited zero-day (CVE-2024-49138) (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- How a Windows zero-day was exploited in the wild for months (CVE-2024-43451) (source)
- Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) (source)
- Microsoft launches Zero Day Quest hacking event with $4 million in rewards (source)
- Microsoft announces Zero Day Quest hacking event with big rewards (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 0.0 |
| 2024-02-13 | CVE-2024-21412 | Unspecified vulnerability in Microsoft products Internet Shortcut Files Security Feature Bypass Vulnerability | 0.0 |
| 2024-02-13 | CVE-2024-21351 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 0.0 |