Newly Discovered Vulnerability Allows Attackers to Bypass Security Measures
CVE-2024-21412
Key Information:
- Vendor: Microsoft
- CVE Published: 13 February 2024
What is CVE-2024-21412?
CVE-2024-21412 is a notable vulnerability identified in Microsoft software that enables attackers to bypass existing security measures associated with Internet Shortcut Files. This flaw poses a risk to organizations by potentially allowing malicious actors to manipulate shortcuts in ways that can lead to unauthorized access or execution of harmful payloads. The vulnerability can significantly undermine the integrity and confidentiality of an organization’s data and systems, making it imperative for businesses relying on Microsoft products to take preventive measures.
Technical Details
CVE-2024-21412 is classified as a security feature bypass vulnerability, which means that it specifically targets and undermines the safeguards designed to protect Internet Shortcut Files. This vulnerability allows attackers to exploit the way these files are processed, creating a pathway for threats to execute commands or access sensitive information without triggering typical security protocols.
Impact of the Vulnerability
- Unauthorized Access: The vulnerability can enable attackers to bypass security measures, granting them unauthorized access to systems and data by manipulating Internet Shortcut Files.
- Data Compromise: Exploitation of this vulnerability may lead to the exposure of sensitive organizational data, increasing the risk of data breaches and potential loss of proprietary information.
- Malicious Executions: By exploiting the weakness, attackers can potentially execute malicious code or payloads without detection, leading to further network infiltration and devastation, including ransomware deployment.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 ARM64-based Systems 10.0.0 < 10.0.17763.5458
Windows 10 Version 1809 x64-based Systems 10.0.17763.0 < 10.0.17763.5458
Windows 10 Version 21H2 32-bit Systems 10.0.19043.0 < 10.0.19044.4046
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
News Articles
Microsoft patches two zero-days for Valentine’s Day | Computer Weekly
Two security feature bypasses impacting Microsoft SmartScreen are on the February Patch Tuesday docket, among over 70 issues.
3 weeks ago
February 2024 Patch Tuesday: Updates and Analysis
Microsoft has released security updates for 73 vulnerabilities, including two zero-days, for its February 2024 Patch Tuesday rollout.
Microsoft Patch Tuesday 2024 : 73 Security Flaws
Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited.
Timeline
- 🟡 Public PoC available
- 🥇 Vulnerability reached the number 1 worldwide trending spot
- 📈 Vulnerability started trending
- 💰 Used in Ransomware
- 🦅 CISA Reported
- Vulnerability published
- 👾 Exploit known to exist
- 📰 First article discovered by Trend Micro
- Vulnerability Reserved