2024-02-14 – Microsoft patches zero-days exploited by attackers

  • CVE: CVE-2024-21412 + CVE-2024-21351 + CVE-2024-21410
  • Severity: CRITICAL
  • Priority: CRITICAL

CVE-2024-21351 is a security feature bypass in Windows SmartScreen: an attacker who tricks a user into opening a crafted file can get that file past SmartScreen's checks and use it to deliver malware. CVE-2024-21412 is a related security feature bypass in Internet Shortcut (.url) files that likewise lets a crafted file skip SmartScreen's checks.

Microsoft describes the impact of CVE-2024-21351 as an attacker being able to inject code into SmartScreen and potentially gain code execution, which could lead to data exposure, loss of availability, or both. Windows normally tags files from untrusted origins with the Mark-of-the-Web (MotW), stored in the file's Zone.Identifier alternate data stream, and Microsoft Defender SmartScreen uses that tag to decide whether a file must be screened before it runs. A SmartScreen bypass lets an attacker-supplied file get past that check and execute without the warning the user would otherwise see.
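As an added example (not part of the original bulletin, and not Microsoft's or Trend Micro's code), the following Python script shows what MotW actually is and how to audit it: it parses the Zone.Identifier stream that carries the mark, decides whether SmartScreen would screen the file, and flags downloads that carry no mark at all. The file names and stream contents in the sample set are constructed; on Windows the script can instead walk a real directory passed as its first argument.

```python
"""Audit Mark-of-the-Web (MotW) on files in a download folder.

Added example, not part of the original bulletin. Windows stores MotW in a
file's Zone.Identifier alternate data stream (ADS) on NTFS; Microsoft Defender
SmartScreen uses its ZoneId to decide whether a file needs screening. A file
with no MotW, or with a trusted zone, opens without any SmartScreen prompt.
The sample stream contents below are constructed; nothing is read from a real
system unless the script is run on Windows with a directory argument.
"""
import configparser
import os
import sys
from dataclasses import dataclass
from typing import Dict, Optional

# URLZONE values that Windows writes to [ZoneTransfer] ZoneId.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
SCREENED_ZONES = {3, 4}  # origins SmartScreen treats as untrusted


@dataclass
class MotW:
    zone_id: int
    referrer_url: Optional[str] = None
    host_url: Optional[str] = None

    @property
    def untrusted(self) -> bool:
        return self.zone_id in SCREENED_ZONES


def parse_zone_identifier(stream: str) -> Optional[MotW]:
    """Parse Zone.Identifier text (an INI-style [ZoneTransfer] section).

    Returns None when the stream has no usable ZoneId, which for auditing
    purposes is the same as the file having no MotW at all.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream)
    except configparser.Error:      # e.g. no [ZoneTransfer] header
        return None
    if not cp.has_option("ZoneTransfer", "ZoneId"):
        return None
    try:
        zone_id = int(cp.get("ZoneTransfer", "ZoneId"))
    except ValueError:
        return None
    return MotW(zone_id,
                cp.get("ZoneTransfer", "ReferrerUrl", fallback=None),
                cp.get("ZoneTransfer", "HostUrl", fallback=None))


def classify(stream: Optional[str]) -> str:
    """Map one file's Zone.Identifier contents (None = no stream) to a verdict."""
    motw = parse_zone_identifier(stream) if stream is not None else None
    if motw is None:
        return "missing"        # no MotW: SmartScreen never looks at the file
    if motw.untrusted:
        return "screened"       # Internet/Restricted: SmartScreen will check it
    return "not-screened"       # trusted zone: opens without a prompt


def audit(streams: Dict[str, Optional[str]]) -> Dict[str, str]:
    """Classify every file in a {path: Zone.Identifier text or None} map."""
    return {name: classify(stream) for name, stream in streams.items()}


def read_zone_identifier(path: str) -> Optional[str]:
    """Read the Zone.Identifier ADS of one file (Windows/NTFS only)."""
    if os.name != "nt":
        raise OSError("alternate data streams are only readable on Windows")
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8-sig",
                  errors="replace") as f:
            return f.read()
    except FileNotFoundError:   # the file carries no such stream
        return None


# Constructed sample stream contents, in the form Windows writes them.
SAMPLES: Dict[str, Optional[str]] = {
    "invoice.pdf": ("[ZoneTransfer]\r\nZoneId=3\r\n"
                    "ReferrerUrl=https://example.test/downloads/\r\n"
                    "HostUrl=https://example.test/downloads/invoice.pdf\r\n"),
    "setup.exe": "[ZoneTransfer]\r\nZoneId=1\r\n",  # intranet: not screened
    "report.xlsx": None,                             # no Zone.Identifier at all
    "notes.txt": "ZoneId=3",                         # malformed: no section header
}

if __name__ == "__main__":
    if len(sys.argv) > 1 and os.name == "nt":
        streams: Dict[str, Optional[str]] = {}
        for dirpath, _, files in os.walk(sys.argv[1]):
            for f in files:
                p = os.path.join(dirpath, f)
                streams[p] = read_zone_identifier(p)
    else:
        streams = SAMPLES
    for name, verdict in sorted(audit(streams).items()):
        print(f"{verdict:12} {name}")
```

Run without arguments the script audits the constructed samples; on Windows, `python motw_audit.py C:\Users\alice\Downloads` (script name assumed) audits a real folder. Executables in a download folder with a verdict of `missing` or `not-screened` deserve a closer look, because those are the files SmartScreen would never have inspected.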

Although Microsoft hasn’t disclosed the extent of these attacks, it’s prudent to anticipate a rise in exploits as threat actors incorporate this method into their arsenals.

It’s crucial to promptly test and apply patches for both CVE-2024-21412 and CVE-2024-21351 to mitigate these risks effectively.

Trend Micro, whose Zero Day Initiative reported CVE-2024-21412 being exploited in the wild, has an excellent blog article on the attack.

CVE-2024-21410 is an elevation of privilege flaw in Microsoft Exchange Server, rated critical (CVSS 9.8), and should be patched immediately. Patching alone may not be enough: full protection depends on Extended Protection for Authentication (EPA) being enabled on the server. Exchange Server 2019 CU14 enables EPA by default; on earlier supported builds, administrators must enable it themselves (Microsoft's ExchangeExtendedProtectionManagement.ps1 script does this), which is the additional administrative work this fix requires.

An attacker exploiting CVE-2024-21410 targets an NTLM client such as Outlook to leak the targeted user's NTLM credentials, then relays them to the Exchange server (the same leaked material is also usable in pass-the-hash style attacks) to authenticate as that user and act on the server on their behalf. Satnam Narang, senior staff research engineer at Tenable, emphasizes the value of flaws like these to attackers, citing a similar vulnerability (CVE-2023-23397) exploited by a Russian-based threat actor.

Additionally, CVE-2024-21413 is a remote code execution vulnerability in Microsoft Outlook. It lets an attacker bypass Office Protected View so that a malicious file opens in editing mode rather than in protected mode, which can lead to code execution. Of particular concern, the Preview Pane is an attack vector, so the user does not even have to open the message.

To fully mitigate CVE-2024-21413, users of both the 32-bit and 64-bit versions of Office 2016 must install multiple updates, not just one; check that every listed update is present before considering the system patched.