Background
CVE-2024-21412 is a critical vulnerability found in Microsoft Defender SmartScreen and discovered by the Trend Micro™ Zero Day Initiative™ (ZDI). The bypass is part of a sophisticated zero-day attack chain by the advanced persistent threat (APT) group we’ve identified as Water Hydra (aka DarkCasino), which previously targeted financial market traders. We’ve also discovered a second unidentified group exploiting this same vulnerability.
Special Patch Report
ZDI Senior Threat Researcher, Peter Girnus, discusses his findings on CVE-2024-21412, which he found actively exploited in the wild. Find out the details and about the bug and the threat actors.
ZDI Security update
Everything about CVE-2024-21412 from our zero day initiative team.
Impact
Threat actors are constantly devising new ways of exploiting gaps to bypass security measures. We found that the bypass of CVE-2023-36025 (a previously patched SmartScreen vulnerability) led to the discovery and exploitation of CVE-2024-21412. This underscores how threat actors can circumvent patches by identifying new vectors of attack around a patched software component. The users most at risk are customers of Microsoft Windows Defender, and the risk is lower for users with mutlivendor layered security in place. Trend customers who’ve implemented our IPS (virtual patch) technologies are at the lowest risk.
What to do and what to know?
Trend customers have been protected from CVE-2024-21412 since January 17 thanks to virtual patching and others will be protected once the official patch is released by Microsoft.
While many organizations will be rushing to alarm security operations to test and deploy the official Microsoft patch, which is likely to include a reboot, Trend customers do not need to make any changes to their patch protocol since they are already protected.
For over three decades, Trend has been protecting enterprises from cyber attacks, thwarting both zero-day exploits and N-day vulnerabilities at the earliest stages. The synergistic relationship between the Trend Micro™ Zero Day Initiative™ (ZDI) threat-hunting teams and Trend Micro products allows us to identify new threats in the wild and build proactive protections for our customers. In 2023, we had active virtual patches on average 51 days ahead of Microsoft patches and, overall, 96 days ahead of all vendors whose bugs were submitted through the program. Trend boasts one of the most substantial vulnerability research organizations worldwide. Leveraging this expertise, we shield our customers from new and existing exploits.
Trend Knowledge Base
Comprehensive proactive protection and detection.
Video overview
How to take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals.
Facts and fixes
How to safeguard your customers, employees, and systems from attacks that exploit vulnerabilities.
Protection built on leading technology
Our cybersecurity platform, Trend Vision One™, protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. Rated a leader by Gartner, Forrester, and IDC, our platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response.
