
Microsoft Fixes Windows SmartScreen Zero-Day Exploited Since March

Microsoft has patched a critical SmartScreen vulnerability (CVE-2024-38213) exploited by hackers to distribute malware disguised as legitimate software.


A critical security gap in Windows SmartScreen has been sealed by Microsoft after hackers exploited it for several months. The flaw, tagged as CVE-2024-38213, allowed malicious actors to bypass SmartScreen's protective measures, which are intended to shield users from harmful software.

Discovery and Exploitation

Trend Micro's Peter Girnus – via Bleeping Computer – discovered the flaw, witnessing its abuse by cybercriminals to deploy malware masquerading as legitimate software like Apple iTunes and installers. Although exploitation required user interaction, targeted attacks made the flaw notably effective.

Microsoft included a fix for this issue in its June 2024 Patch Tuesday update, despite initial omissions in June and July's security updates. It seems the flaw was a piece of a larger scheme by DarkGate malware operators, previously known for exploiting another SmartScreen vulnerability, CVE-2024-21412.

Technical Insights and Damage

CVE-2024-38213 allowed the circumvention of the Mark of the Web (MotW) label, a critical indicator used by SmartScreen to flag potentially dangerous files. Attackers leveraged this oversight to entice users into opening harmful files without SmartScreen interference. The exploitation involved files from WebDAV shares, manipulating them through copy-and-paste actions.
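
A defender-side check related to the MotW bypass described above, added here as an example and not taken from the article, Microsoft or Trend Micro: it parses the `Zone.Identifier` alternate data stream in which Windows stores the MotW and flags code-running file types that carry no usable mark. The extension list, sample file names and URL are constructed assumptions.

```python
import os

# Constructed policy for this example: file types that run code when opened.
RISKY_EXT = {".exe", ".msi", ".lnk", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".url"}
ZONES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

def read_motw(path):
    """Read the Zone.Identifier alternate data stream (Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # stream absent, or filesystem without ADS support

def parse_motw(text):
    """Parse the INI-style stream body into a dict with lower-cased keys."""
    fields, in_section = {}, False
    for line in (text or "").lstrip("\ufeff").splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)  # URLs may contain further '='
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(filename, stream_text):
    """Return (verdict, detail) for a file name and its MotW stream text (or None)."""
    ext = os.path.splitext(filename)[1].lower()
    fields = parse_motw(stream_text)
    zone = fields.get("zoneid", "")
    if not (zone.isascii() and zone.isdigit()):
        if ext in RISKY_EXT:
            return ("review", "code-running file type with no usable MotW")
        return ("ok", "no MotW, not a code-running file type")
    zone = int(zone)
    origin = fields.get("hosturl") or fields.get("referrerurl") or "origin not recorded"
    verdict = "marked" if zone >= 3 else "ok"
    return (verdict, f"{ZONES.get(zone, 'unknown zone')}: {origin}")

# Constructed sample inputs: (file name, Zone.Identifier content or None).
SAMPLES = [
    ("installer_a.exe", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/a.exe\r\n"),
    ("installer_b.exe", None),
    ("notes.txt", None),
]

if __name__ == "__main__":
    for name, stream in SAMPLES:
        print(name, triage(name, stream))
```

A "review" verdict is a prompt to look at where the file came from, not proof of compromise: locally built or tool-extracted files also lack the mark.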

Trend Micro's Zero Day Initiative (ZDI) reported the DarkGate campaign's escalating activities, referencing previous flaws like CVE-2024-21412. The operation saw malware disguised as genuine software installers infiltrate user systems. Microsoft already patched that issue in February.

Continued Security Issues

SmartScreen vulnerabilities have consistently posed threats. Earlier, the Water Hydra group used CVE-2024-21412 in malware campaigns targeting stock trading and forex forums via the DarkMe trojan. Moreover, Elastic Security Labs identified a design flaw in Windows Smart App Control and SmartScreen dating back to 2018, enabling hidden program executions.

Microsoft continues to tackle these vulnerabilities with continuous updates. The recent August 2024 Patch Tuesday addressed nine zero-day flaws, including six actively exploited vulnerabilities.

Source: Microsoft
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.
