Security News > 2024 > February > Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days that are being leveraged by attackers in the wild.
CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files.
In short, victims were tricked into downloading a file they believed to be a photo, but was actually a malicious Internet Shortcut file, which pointed to another internet shortcut file which contained the logic to exploit a previously patched Microsoft Defender SmartScreen bypass vulnerability.
CVE-2024-21351 is bypass of the Windows SmartScreen security feature that can be similarly exploited to deliver malware, after convincing prospective victims to open a booby-trapped file.
"Windows uses Mark-of-the-Web to distinguish files that originate from an untrusted location. SmartScreen bypasses in Windows Defender allow attackers to evade this inspection and run code in the background," noted Dustin Childs, head of threat awareness at Trend Micro Inc.'s Zero Day Initiative.
Finally, there's CVE-2024-21413, a remote code execution vulnerability affecting Microsoft Office, which may allow attackers to bypass the Office Protected View and open a file in editing mode.
News URL
https://www.helpnetsecurity.com/2024/02/13/cve-2024-21412-cve-2024-21351/
Related news
- Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234) (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack (source)
- Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days (source)
- CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) (source)
- Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2024-21413 | Unspecified vulnerability in Microsoft products Microsoft Outlook Remote Code Execution Vulnerability | 9.8 |
| 2024-02-13 | CVE-2024-21412 | Unspecified vulnerability in Microsoft products Internet Shortcut Files Security Feature Bypass Vulnerability | 8.1 |
| 2024-02-13 | CVE-2024-21351 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 7.6 |