CISA has added two new actively exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified as CVE-2024-21412 and CVE-2024-21351, have squarely set their sights on Microsoft Windows systems, injecting a sense of urgency into the vulnerability domain.
CISA, the Cybersecurity, and Infrastructure Security Agency, serves as the frontline defense against cyber threats, continuously monitoring and addressing emerging vulnerabilities that pose risks to digital infrastructures.
The two Critical Windows vulnerabilities, stemming from Windows Internet Shortcut Files and Windows SmartScreen Security target federal enterprises globally.
CVE-2024-21412: Internet Shortcut Files Security Feature Bypass
CVE-2024-21412 exploits a security flaw in Microsoft Windows Internet Shortcut Files, allowing attackers to bypass security features. Typically, when users attempt to open Internet Shortcut files from unknown sources, they receive a warning about potential harm.
However, this vulnerability enables attackers to circumvent this warning, potentially leading to the execution of malicious code.
While the severity of this vulnerability is notable, its criticality is somewhat mitigated by the requirement for user interaction, as confirmed by both CVSS and Microsoft’s proprietary ranking system.
CVE-2024-21351: Windows SmartScreen Security Feature Bypass
On the other hand, CVE-2024-21351 targets Windows SmartScreen, another integral security feature. This vulnerability enables attackers to bypass SmartScreen, facilitating the injection of malicious code and potentially leading to remote code execution.
Notably, recent critical SmartScreen bypass vulnerabilities have focused solely on bypassing security features, whereas CVE-2024-21351 introduces the possibility of code injection into SmartScreen itself, as reported by Microsoft’s researchers.
In both cases, successful exploitation requires user interaction, meaning that attackers must persuade users to open malicious files.
Additionally, the CVSS metric indicates that the privileges required for exploitation are low, further highlighting the importance of user awareness and caution.
Understanding Mark of the Web
Regarding CVE-2024-21351, the relationship between the Mark of the Web and Windows SmartScreen is important.
Mark of the Web is an NTFS stream added by Windows to files downloaded from the internet. SmartScreen uses this information to conduct reputation checks on downloaded files, enhancing security by identifying potentially harmful content.
Considering the potential impact of these vulnerabilities, successful exploitation could result in a range of consequences, including loss of confidentiality, compromised integrity, and reduced system availability.
By injecting code into SmartScreen, attackers could execute arbitrary commands, leading to data exposure and system instability.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
