Newly Discovered Vulnerability Allows Attackers to Bypass Security Measures

CVE-2024-21412
8.1 HIGH

Key Information

Vendor: Microsoft

Status:
Windows 11 Version 21H2
Windows 10 Version 1809
Windows 10 Version 21H2
Windows Server 2022

CVE Published: 13 February 2024

Badges

🔥 No. 1 Trending | 😄 Trended | 👾 Exploit Exists | 🔴 Public PoC | 📰 News Worthy

Summary

A recently discovered critical vulnerability in Microsoft software, CVE-2024-21412, has been actively exploited by the advanced persistent threat group Water Hydra. This vulnerability allows attackers to bypass Microsoft Defender SmartScreen and infect financial market trader companies with the DarkMe malware. The attack method involves leveraging internet shortcuts disguised as JPEG images to bypass security measures and compromise Windows hosts. Microsoft has released a fix for this flaw as part of its latest updates, but the incident highlights the need for CISOs and decision-makers to adopt a multilayered approach to address the risks of zero-day vulnerabilities. Overall, the exploitation of CVE-2024-21412 poses a significant threat to affected systems and underscores the importance of timely patching and security vigilance against advanced cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-21412 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 11 version 21H2 < 10.0.22000.2777

Windows 10 Version 1809 < 10.0.17763.5458

Windows 10 Version 21H2 < 10.0.19044.4046

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • 🔥 Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • Vulnerability published.

  • First article discovered by Trend Micro.

  • Vulnerability reserved.

Collectors

NVD Database | Mitre Database | CISA Database | Microsoft Feed | 1 Proof of Concept(s) | 40 News Article(s)