Microsoft fixes Windows Smart App Control zero-day exploited since 2018

September 10, 2024 at 02:15PM Microsoft has resolved a zero-day exploit in Windows Smart App Control and SmartScreen, labeled as CVE-2024-38217, that threat actors have been exploiting since at least 2018. The vulnerability allowed them to bypass security features and launch untrusted files. Elastic Security Labs has detected and reported the flaw, and Microsoft is … Read more

Windows Smart App Control, SmartScreen bypass exploited since 2018

August 5, 2024 at 03:56PM Design flaw in Windows Smart App Control and SmartScreen allows attackers to run programs without security warnings since 2018. As the executive assistant, I will diligently and accurately generate clear takeaways from the meeting notes. It appears that a design flaw in Windows Smart App Control and SmartScreen has been … Read more

Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

August 5, 2024 at 09:18AM Cybersecurity researchers have identified design weaknesses in Microsoft’s Windows Smart App Control and SmartScreen, potentially allowing threat actors to gain access without triggering warnings. These vulnerabilities include bypassing protections with a legitimate EV certificate, reputation hijacking, seeding, tampering, and LNK stomping. This underscores the need for additional scrutiny in download … Read more

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

March 14, 2024 at 02:23AM DarkGate malware exploits a fixed Windows Defender SmartScreen flaw to install fake software, overcoming security checks. This flaw, tracked as CVE-2024-21412, allows attackers to execute files automatically. Trend Micro reports that DarkGate operators are using this vulnerability to enhance infection rates. The campaign involves a multi-step infection chain and employs … Read more

Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days

February 14, 2024 at 12:51AM Microsoft has released 73 patches to address security flaws in its software lineup for February 2024’s Patch Tuesday updates. This includes 5 Critical, 65 Important, and 3 Moderate vulnerabilities, along with fixes for the Chromium-based Edge browser. Among the critical flaws is a bypass vulnerability in Windows SmartScreen and Internet … Read more

SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes

February 13, 2024 at 03:16PM Microsoft issued a patch for CVE-2024-21412, a zero-day SmartScreen vulnerability used by the Water Hydra APT group to target financial market traders. Trend Micro protects customers from this, emphasizing the importance of proactive cybersecurity measures and a dedicated bug bounty program. Trend customers have been protected since January 17 via … Read more

Another month, another bunch of fixes for Microsoft security bugs exploited in the wild

November 14, 2023 at 07:42PM Microsoft’s November Patch Tuesday fixes around 60 vulnerabilities, including three that have already been exploited. These include privilege-escalation vulnerabilities in Windows Desktop Manager and Windows Cloud Files Mini Filter Driver, as well as a security feature bypass flaw in Windows Defender SmartScreen. Additionally, Adobe patched 76 vulnerabilities across its products, … Read more