Heimdal

Microsoft revealed that it had patched a critical SmartScreen zero-day vulnerability two months ago, in the June 2024 Patch Tuesday release.

Hackers had been exploiting the flaw in the wild as a zero-day since March 2024.

More about the SmartScreen zero-day vulnerability

The SmartScreen zero-day is tracked as CVE-2024-38213. Hackers can exploit it remotely to bypass Windows’ SmartScreen protection measures and deploy malware on compromised devices.

SmartScreen protects users from suspicious software by flagging downloaded files with a Mark of the Web (MotW) label.

Researchers observed threat actors exploiting CVE-2024-38213 for the first time in March 2024. DarkGate used it to install malware that mimicked legitimate software: Apple iTunes, Notion, and NVIDIA installers.

Researchers said the vulnerability allowed the exploiters to copy files locally without the MotW label being applied. Exploiting CVE-2024-38213 requires the user to open a malicious file.
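
Windows stores the MotW in an NTFS alternate data stream named Zone.Identifier, so an administrator can check which files carry the label and which do not. The PowerShell below is an added example, not code from Microsoft or the researchers cited here; the default folder and the extension list are assumptions chosen for illustration.

```powershell
# Added example: list executable-type files and whether they carry a Mark of the Web.
# Assumptions: NTFS volume, PowerShell 3.0 or later on Windows; the default folder
# and the extension list are illustrative choices, not taken from the article.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Downloads'),
    [string[]]$Extensions = @('.exe', '.msi', '.lnk', '.js', '.vbs', '.bat', '.cmd', '.ps1', '.hta')
)

# Standard URL security zone identifiers written to the ZoneId field.
$zoneNames = @{ 0 = 'LocalMachine'; 1 = 'Intranet'; 2 = 'Trusted'; 3 = 'Internet'; 4 = 'Restricted' }

function Get-MotwInfo {
    param([Parameter(Mandatory)][string]$LiteralPath)
    $info = [ordered]@{ HasMotw = $false; Zone = $null; HostUrl = $null }
    # The label lives in the alternate data stream "Zone.Identifier"; no stream, no MotW.
    $stream = Get-Item -LiteralPath $LiteralPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if ($stream) {
        $info.HasMotw = $true
        $lines = Get-Content -LiteralPath $LiteralPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        foreach ($line in $lines) {
            if ($line -match '^ZoneId=(\d+)') {
                $id = [int]$Matches[1]
                $info.Zone = if ($zoneNames.ContainsKey($id)) { $zoneNames[$id] } else { "Unknown($id)" }
            } elseif ($line -match '^HostUrl=(.+)$') {
                $info.HostUrl = $Matches[1]   # origin URL, when the downloader recorded one
            }
        }
    }
    [pscustomobject]$info
}

# Emit one object per matching file; files without a MotW sort first for triage.
Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $Extensions -contains $_.Extension } |
    ForEach-Object {
        $motw = Get-MotwInfo -LiteralPath $_.FullName
        [pscustomobject]@{
            File    = $_.FullName
            HasMotw = $motw.HasMotw
            Zone    = $motw.Zone
            HostUrl = $motw.HostUrl
            Created = $_.CreationTime
        }
    } |
    Sort-Object HasMotw, Created
```

A missing MotW is a triage signal rather than proof of compromise, since files created locally never receive the label.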

CISA warned about this vulnerability in a recent advisory, along with five other Microsoft flaws.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Source – CISA advisory

CISA advises System Administrators to apply available updates as soon as possible to avoid a cyberattack.

The silent patching of the SmartScreen zero-day

Microsoft released a patch for CVE-2024-38213 in June, but they didn’t issue an advisory for their users until August.

Prioritizing vulnerabilities is a critical and complex step in the patch management process. Had Microsoft announced the existence of a zero-day in SmartScreen earlier, System Admins would have been prompted to apply the patches faster and could have kept their systems safe from the vulnerability.

The list of impacted Microsoft products is longer than 10 items and you can see it here. Some of the affected products are:

  • windows_server_2012
  • windows_server_2016
  • windows_server_2019
  • windows_10_1607
  • windows_10_1809
  • windows_10_21h2
  • windows_10_22h2
  • windows_10_1507
  • windows_server_2022

Source – CVEfeed.io

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
