Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with booby-trapped Internet Shortcut files. In late December 2023, Trend Micro researcher Peter Girnus and his colleagues in the ZDI Threat Hunting team discovered the Water Hydra APT leveraging the flaw to infect … More →

The post …

0 day apt attackers bypass cve december december 2023 defender defender smartscreen don't miss exploited feature february files fixes hot stuff internet microsoft microsoft defender microsoft exchange ms office patch patches patch tuesday security smartscreen tenable trend micro tuesday vulnerabilities vulnerability zero-days