Newly Discovered Vulnerability Allows Attackers to Bypass Security Measures
CVE-2024-21412
Key Information
- Vendor
- Microsoft
- Status
- Windows 11 Version 21h2
- Windows 10 Version 1809
- Windows 10 Version 21h2
- Windows Server 2022
- Vendor
- CVE Published:
- 13 February 2024
What is CVE-2024-21412?
CVE-2024-21412 is a notable vulnerability identified in Microsoft software that enables attackers to bypass existing security measures associated with Internet Shortcut Files. This flaw poses a risk to organizations by potentially allowing malicious actors to manipulate shortcuts in ways that can lead to unauthorized access or execution of harmful payloads. The vulnerability can significantly undermine the integrity and confidentiality of an organization’s data and systems, making it imperative for businesses relying on Microsoft products to take preventive measures.
Technical Details
CVE-2024-21412 is classified as a security feature bypass vulnerability, which means that it specifically targets and undermines the safeguards designed to protect Internet Shortcut Files. This vulnerability allows attackers to exploit the way these files are processed, creating a pathway for threats to execute commands or access sensitive information without triggering typical security protocols.
Impact of the Vulnerability
-
Unauthorized Access: The vulnerability can enable attackers to bypass security measures, granting them unauthorized access to systems and data by manipulating Internet Shortcut Files.
-
Data Compromise: Exploitation of this vulnerability may lead to the exposure of sensitive organizational data, increasing the risk of data breaches and potential loss of proprietary information.
-
Malicious Executions: By exploiting the weakness, attackers can potentially execute malicious code or payloads without detection, leading to further network infiltration and devastation, including ransomware deployment.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-21412 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 ARM64-based Systems 10.0.0 < 10.0.17763.5458
Windows 10 Version 21H2 32-bit Systems 10.0.0 < 10.0.19044.4046
Windows 10 Version 22H2 x64-based Systems 10.0.0 < 10.0.19045.4046
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
News Articles
GBHackersMicrosoft Patch Tuesday 2024 : 73 Security Flaws
Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited.
4 months ago
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday.
5 months ago
eSecurity PlanetCVE-2024-21412Vulnerability Recap 7/29/24: Fortinet, Tenable Spot Flaws
This week’s vulnerabilities include multiple issues from previous years. Read more about the flaws your team needs to patch as soon as possible.
5 months ago
References
EPSS Score
2% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 🥇
Vulnerability reached the number 1 worldwide trending spot
- 📈
Vulnerability started trending
- 💰
Used in Ransomware
- 🦅
CISA Reported
Vulnerability published
- 👾
Exploit known to exist
- 📰
First article discovered by Trend Micro
Vulnerability Reserved