Double zero-day malware patch released by Microsoft
Two critical vulnerabilities fixed in latest Microsoft patch
Microsoft has released a major patch that addresses two critical zero-day vulnerabilities alongside a whole host of other security flaws.
The April 2024 Patch addresses both the proxy driver spoofing vulnerability tracked as CVE-2024-26234 and the SmartScreen prompt security feature bypass vulnerability tracked as CVE-2024-29988.
The patch also covers fixes for 147 other security flaws rated between Important and Low in severity.
Double zero-day
The first zero-day, CVE-2024-26234, was discovered in December 2023 by cybersecurity firm Sophos, which identified a malicious executable file signed with a Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate. Sophos linked the malicious file to a piece of software called LaiXi Android Screen Mirroring, released by Hainan YouHu Technology Co. Ltd.
The vulnerability acts as a backdoor through network traffic interception and monitoring, and has since been added to Microsoft’s revocation list. Sophos, however, has seen indications that it has been exploited since as far back as January 2023.
The second zero-day, CVE-2024-29988, is a continued exploitation of an incomplete security patch applied to the CVE-2024-21412 flaw. The vulnerability uses a bespoke file to dodge Microsoft Defender SmartScreen security. Microsoft said that for this particular vulnerability, “an attacker would need to convince a user to launch malicious files using a launcher application that requests that no UI be shown.”
In such a case, the attacker could send the infected file via email or instant messaging; once opened, it would exploit the remote code execution vulnerability. This vulnerability has been spotted in the wild, with Microsoft tagging it as “Exploitation More Likely”.
Via TheHackerNews

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.
Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.
Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.