[CDP-development] TLP:GREEN (Zero-Day Alert Notification) - CVE-2024-21351 & CVE-2024-21412: Multiple vulnerabilities in Microsoft Windows

CSS Security Operations Services * DAS css-soc-services at das.oregon.gov
Tue Feb 13 13:22:49 PST 2024


Good afternoon,

The SOC Services team is reporting on the vulnerabilities CVE-2024-21412 (Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability) and CVE-2024-21351 (Microsoft Windows SmartScreen Security Feature Bypass Vulnerability). Due to their high visibility and knowledge of the software installed in the state environment, we are providing this in-depth information:

History: On February 13, 2024, CISA added CVE-2024-21412 and CVE-2024-21351 to the Known Exploited Vulnerabilities Catalog.

For details regarding vulnerable versions and patching information, please use the links found below.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351

Intelligence: As of February 13, 2024, the vulnerability has been confirmed as being exploited in the wild.

Workarounds: There are no workarounds for this vulnerability.

How it works: To exploit CVE-2024-21351, an authorized attacker must send the user a malicious file and convince the user to open it. Exploitation of CVE-2024-21412 requires an attacker to send the user a specially crafted file that is designed to bypass displayed security checks.

Post-Exploit: Upon successful exploitation of the vulnerabilities, an attacker could bypass the Windows SmartScreen Security feature or bypass Mark of the Web (MoTW) warnings in Windows.

As of February 13, 2024, Tenable has not released any plugins for CVE-2024-21351 or CVE-2024-21412 and has no plugins in the pipeline.

Recommended Actions:

  *   Verify host has not been compromised before applying patches.
  *   Apply appropriate updates provided by vendor to vulnerable systems immediately after appropriate testing.
  *   Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  *   Apply the Principle of Least Privilege to all systems and services.


Cyber Security Services
State of Oregon Cyber Security Services
Enterprise Information Services | SOC
Cyber Security Services (CSS)
SOC Hotline: (503) 378-5930 | SOC Services (503) 373-0378
"Ensuring user-friendly, reliable and secure state technology systems that serve Oregonians."

