Double zero-day malware patch released by Microsoft
Two critical vulnerabilities fixed in latest Microsoft patch
Microsoft has released a major patch that addresses two critical zero-day vulnerabilities alongside a whole host of other security flaws.
The April 2024 Patch addresses both the proxy driver spoofing vulnerability tracked as CVE-2024-26234 and the SmartScreen prompt security feature bypass vulnerability tracked as CVE-2024-29988.
The patch also covers fixes for 147 other security flaws rated between Important and Low in severity.
Double zero-day
The first zero-day, CVE-2024-26234, was discovered in December 2023 by cybersecurity firm Sophos and identified as a malicious executable file signed with a Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate. Sophos linked the malicious file to a piece of software called LaiXi Android Screen Mirroring, released by Hainan YouHu Technology Co. Ltd.
The file acts as a backdoor that intercepts and monitors network traffic, and it has since been added to Microsoft’s revocation list, but Sophos has seen indications that this vulnerability has been exploited since as far back as January 2023.
The second zero-day, CVE-2024-29988, is a continued exploitation of an incomplete security patch applied to the CVE-2024-21412 flaw. The vulnerability uses a bespoke file to dodge Microsoft Defender SmartScreen security. Microsoft said that for this particular vulnerability, “an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.”
In such a case, the attacker could send the infected file via email or instant messaging; once opened, the file would exploit the remote code execution vulnerability. This vulnerability has been spotted in the wild, with Microsoft tagging it as “Exploitation More Likely”.
Via TheHackerNews
Benedict has been writing about security issues for close to 5 years, at first covering geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division). Benedict then continued his studies at a postgraduate level and achieved a distinction in MA Security, Intelligence and Diplomacy. Benedict transitioned his security interests towards cybersecurity upon joining TechRadar Pro as a Staff Writer, focusing on state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.