#LNKStomping

Microsoft fixes Windows Smart App Control zero-day exploited since 2018

by

September 10, 2024 at 02:15PM Microsoft has resolved a zero-day exploit in Windows Smart App Control and SmartScreen, labeled as CVE-2024-38217, that threat actors have been exploiting since at least 2018. The vulnerability allowed them to bypass security features and launch untrusted files. Elastic Security Labs has detected and reported the flaw, and Microsoft is … Read more

Bad apps bypass Windows security alerts for six years using newly unveiled trick

by

August 6, 2024 at 10:44AM Elastic Security Labs revealed various methods for attackers to run malicious apps undetected by Windows’ security features. One method, “LNK Stomping,” exploits a bug in Windows’ handling of shortcut files to bypass SmartScreen and Smart App Control. Elastic engaged with Microsoft about the issue, but no immediate fix is promised. … Read more