Threat Hunting, Malware

Attacks Leveraging Windows SmartScreen Bypass Flaw Deployed Since March

Threat actors have been leveraging a Windows SmartScreen bypass vulnerability, tracked as CVE-2024-38213, as a zero-day in attacks since March, reports BleepingComputer.

The flaw, which was patched but not detailed as part of the June Patch Tuesday update, can be exploited remotely but requires interaction from the targeted user, according to Microsoft.

"An attacker who successfully exploited this vulnerability could bypass the SmartScreen user experience. An attacker must send the user a malicious file and convince them to open it," said Microsoft.

The issue was discovered by Trend Micro's Zero Day Initiative Threat Hunting team in March during its analysis of another SmartScreen bug, tracked as CVE-2024-21412, which had been exploited in a DarkGate malware campaign. "This exploit, which we've named copy2pwn, results in a file from a WebDAV being copied locally without Mark-of-the-Web protections," said ZDI's Head of Threat Awareness Dustin Childs.