This vulnerability allows remote malicious users to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.
Vulnerable Product |
---|
microsoft windows 11 22h2 |
microsoft windows 10 21h2 |
microsoft windows server 2022 |
microsoft windows server 2019 |
microsoft windows server 2022 23h2 |
microsoft windows 11 23h2 |
microsoft windows 11 21h2 |
microsoft windows 10 1809 |
microsoft windows 10 22h2 |
Microsoft fixes two Windows zero-days exploited in malware attacks. By Sergiu Gatlan, April 9, 2024, 06:06 PM. Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. The first, tracked as CVE-2024-26234 and described as a proxy driver spoofing vulnerability, was issued to track a malicious driver signed using a valid Microsoft Hardware Publisher Certificate that was found by Sophos X-O...
Hackers abuse Windows SmartScreen flaw to drop DarkGate malware. By Bill Toulas, March 13, 2024, 05:26 PM. A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that displays a warning when users attempt to run unrecognized or suspicious files downloaded from the internet. The flaw tracked as CVE-2024-21412 i...
SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android
Patch Tuesday Microsoft fixed 73 security holes in this February's Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack. Of the whole bundle five are rated critical and two others, rated important and moderate threats, are the pair being exploited in the wild. First up: CVE-2024-21412, an internet shortcut file security feature bypass vulnerability that earned an 8.1-out-of-10 CVSS severity rating though Redmond only considers it important. After a ...