14 February 2024

Microsoft fixes over 73 bugs, two actively exploited zero-days


Microsoft has released security updates for more than 70 vulnerabilities as part of its February 2024 Patch Tuesday release, including two flaws that the company says have been actively exploited by threat actors.

One of the zero-days is CVE-2024-21351, a Windows SmartScreen security feature bypass that stems from improper input validation when handling files downloaded from the Internet. An attacker who convinces a victim to open a malicious file can bypass the SmartScreen checks, so the file is launched without the warning the user would normally see.

It is currently unclear which threat actor has been exploiting this vulnerability.

The second zero-day, tracked as CVE-2024-21412, is a Microsoft Defender SmartScreen bypass in the handling of Internet shortcut (.url) files, again caused by improper input validation. A remote attacker who tricks a victim into clicking a specially crafted shortcut file can bypass the displayed security checks and ultimately execute arbitrary code on the system.

According to a Trend Micro report, CVE-2024-21412 was exploited as part of a sophisticated zero-day attack chain by a threat actor tracked as Water Hydra (aka DarkCasino) that targeted financial market traders. The attackers leveraged the flaw to deploy the DarkMe malware.
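
Both zero-days concern files that arrive from the Internet and, in the second case, Internet shortcut (.url) files. As an added worked example, not code from the original article, Microsoft or Trend Micro: a .url file and the Mark of the Web that Windows attaches to downloaded files (the Zone.Identifier alternate data stream, where ZoneId=3 is the Internet zone) are both plain INI text, so shortcut files collected from a host can be triaged offline. The script parses both and flags a shortcut that carries an Internet-zone mark yet points somewhere other than an http/https web page (a file: URL or a UNC share path). The flagging heuristic and every sample file body below are constructed here for illustration; they are not taken from the Water Hydra campaign.

```python
"""Offline triage of Windows Internet Shortcut (.url) files and their Mark of the Web.

Added example for the article above; not from Microsoft or Trend Micro. The
heuristic (Internet-zone shortcut whose target is not a web page) is an
assumption chosen for illustration, as are all sample file contents.
"""
from __future__ import annotations

import configparser
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Windows URL security zones (URLZONE_* in urlmon.h).
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}
ZONE_INTERNET = 3

# A legitimate web bookmark uses one of these; anything else in a shortcut that
# arrived from the Internet zone is worth a closer look (assumed heuristic).
WEB_SCHEMES = {"http", "https"}


def _parse_ini(text: str) -> configparser.ConfigParser:
    """Both .url files and Zone.Identifier streams are INI text (may start with a BOM)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case as written (URL, ZoneId)
    cp.read_string(text.lstrip("\ufeff"))
    return cp


def parse_zone_identifier(stream_text: Optional[str]) -> Optional[int]:
    """Return ZoneId from a Zone.Identifier stream, or None if absent or unparseable."""
    if not stream_text:
        return None
    cp = _parse_ini(stream_text)
    try:
        return int(cp["ZoneTransfer"]["ZoneId"])
    except (KeyError, ValueError):
        return None


def parse_internet_shortcut(url_file_text: str) -> Optional[str]:
    """Return the URL= target of the [InternetShortcut] section, if present."""
    cp = _parse_ini(url_file_text)
    return cp.get("InternetShortcut", "URL", fallback=None)


@dataclass
class Finding:
    target: Optional[str]
    zone_id: Optional[int]
    suspicious: bool
    reasons: list[str] = field(default_factory=list)


def assess(url_file_text: str, zone_stream_text: Optional[str]) -> Finding:
    """Flag an Internet-zone shortcut whose target is not an http/https web page."""
    target = parse_internet_shortcut(url_file_text)
    zone_id = parse_zone_identifier(zone_stream_text)
    reasons: list[str] = []
    odd_target = False

    if target is None:
        reasons.append("no URL= target in [InternetShortcut]")
    elif target.startswith("\\\\"):
        odd_target = True
        reasons.append("target is a UNC path to a remote share")
    else:
        scheme = urlsplit(target).scheme.lower()
        if scheme not in WEB_SCHEMES:
            odd_target = True
            reasons.append(f"target scheme {scheme or '<none>'!r} is not http/https")

    if zone_id is None:
        # Informational only: no Mark of the Web means Windows would not have
        # applied the download checks, but it also says nothing about origin.
        reasons.append("no Mark of the Web (Zone.Identifier) stream")

    suspicious = zone_id == ZONE_INTERNET and odd_target
    return Finding(target, zone_id, suspicious, reasons)


# --- constructed sample artefacts (not real campaign files) -------------------
BENIGN_URL_FILE = "[InternetShortcut]\nURL=https://www.example.com/charts/eurusd\nIDList=\n"
SUSPICIOUS_URL_FILE = "[InternetShortcut]\nURL=file://198.51.100.23/share/eurusd-chart.url\n"
UNC_URL_FILE = "[InternetShortcut]\nURL=\\\\198.51.100.23\\share\\eurusd-chart.url\n"
INTERNET_ZONE_STREAM = "[ZoneTransfer]\nZoneId=3\nHostUrl=https://www.example.com/\n"

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_URL_FILE), ("file-scheme", SUSPICIOUS_URL_FILE), ("unc", UNC_URL_FILE)):
        f = assess(body, INTERNET_ZONE_STREAM)
        print(f"{name:12} suspicious={f.suspicious} zone={ZONE_NAMES.get(f.zone_id)} {f.reasons}")
```

On a live Windows host the Zone.Identifier stream is read with `Get-Content -Stream Zone.Identifier` in PowerShell; the parser above only needs that text, so it works equally on files exported from a disk image.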

First spotted in 2021, Water Hydra is focused on targeting the financial industry, including banks, cryptocurrency platforms, forex and stock trading platforms, gambling sites, and casinos worldwide.

The most recent campaign relied on spear-phishing lures posted in forex trading forums and stock trading Telegram channels to infect traders with DarkMe. The attackers used a range of social engineering techniques: posting messages asking for or offering trading advice and sharing fake stock and financial tools built around technical chart analysis and chart indicator tools, each accompanied by a URL pointing to a malicious stock chart hosted on FXBulls, a compromised Russian trading and cryptocurrency information site.

Besides the two zero-days, Microsoft has fixed a slew of high-severity vulnerabilities affecting Microsoft Office OneNote, Microsoft Office, Microsoft Word, Microsoft Outlook, Microsoft Exchange Server, the Microsoft Entra Jira Single-Sign-On Plugin, Microsoft Azure Kubernetes, Microsoft ActiveX, the Microsoft WDAC ODBC Driver, and other products.
