Microsoft has released security updates for more than 70 vulnerabilities as part of its February 2024 Patch Tuesday effort, which, among others, addresses two flaws said to have been actively exploited by threat actors.
One of the zero-days is CVE-2024-21351, a Windows SmartScreen security feature bypass vulnerability stemming from improper input validation when handling files downloaded from the Internet. A remote attacker can exploit this bug to bypass the SmartScreen protection feature and trick the victim into launching a malicious file on the system.
Currently, it is unclear which threat actor has been exploiting the vulnerability.
The second zero-day flaw, tracked as CVE-2024-21412, is a Microsoft Defender SmartScreen bypass vulnerability. The issue exists due to improper input validation when handling Internet shortcut files. A remote attacker can trick the victim into clicking on a specially crafted shortcut file and execute arbitrary code on the system.
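Internet shortcut (.url) files are plain INI text with an [InternetShortcut] section. The following added example (not from the article or from Microsoft) parses such files and flags targets that leave the ordinary web flow; the sample files and the "anything but http/https is suspicious" triage heuristic are constructed assumptions, not details of the exploited flaw.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample .url files for illustration only; not samples from any campaign.
SAMPLES = {
    "vendor-docs.url": "[InternetShortcut]\nURL=https://learn.microsoft.com/\n",
    "chart.url": "[InternetShortcut]\nURL=file://203.0.113.7/share/report.pdf\nIconIndex=0\n",
    "tool.url": "[InternetShortcut]\nURL=\\\\203.0.113.7\\tools\\analysis.exe\n",
    "broken.url": "not a shortcut",
}

# Schemes that keep a shortcut inside the normal browser flow. Treating every
# other target (file:, UNC paths, ...) as suspicious is a triage heuristic assumed here.
WEB_SCHEMES = {"http", "https"}


def parse_url_file(text):
    """Return the URL= target of an Internet shortcut, or None if the file is malformed."""
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    # Option names are case-insensitive in configparser, so URL= and url= both match.
    return parser.get("InternetShortcut", "URL", fallback=None)


def classify_target(target):
    """Label a shortcut target as web, suspicious, or malformed."""
    if target is None:
        return "malformed"
    if target.startswith("\\\\"):
        return "suspicious: UNC path"
    scheme = urlparse(target).scheme.lower()
    if scheme in WEB_SCHEMES:
        return "web"
    return f"suspicious: scheme {scheme or '(none)'}"


def triage(samples):
    """Map each file name to its classification."""
    return {name: classify_target(parse_url_file(text)) for name, text in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```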
According to Trend Micro’s report, CVE-2024-21412 has been exploited as part of a sophisticated zero-day attack chain by a threat actor tracked as Water Hydra (aka DarkCasino) that targeted financial market traders. The attackers leveraged the zero-day flaw to deploy the DarkMe malware.
First spotted in 2021, Water Hydra is focused on targeting the financial industry, including banks, cryptocurrency platforms, forex and stock trading platforms, gambling sites, and casinos worldwide.
The most recent campaign by the threat actor involved a spear-phishing attack on forex trading forums and stock trading Telegram channels to infect their members with the DarkMe malware. The attackers employed various social engineering techniques, such as posting messages asking for or offering trading advice and sharing fake stock and financial tools built around chart technical analysis and chart indicator tools, all of which were accompanied by a URL pointing to a malicious stock chart served from FXBulls, a compromised Russian trading and cryptocurrency information site.
Besides the above-mentioned zero-days, Microsoft has fixed a slew of high-severity vulnerabilities affecting Microsoft Office OneNote, Microsoft Office, Microsoft Word, Microsoft Outlook, Microsoft Exchange Server, Microsoft Entra Jira Single-Sign-On Plugin, Microsoft Azure Kubernetes, Microsoft ActiveX, Microsoft WDAC ODBC Driver, and other products.