Request a Demo
Rewterz
Rewterz Threat Alert – Raspberry Robin Malware Spreads Through Discord and Uses New Exploits – Active IOCs
February 14, 2024
Rewterz
Rewterz Threat Advisory – ICS: Multiple Siemens Simcenter Femap Vulnerabilities
February 14, 2024

Rewterz Threat Advisory – Multiple Microsoft Windows Products Vulnerabilities Exploit in the Wild

Severity

High

Analysis Summary

CVE-2024-21351 CVSS:7.6

Microsoft Windows could allow a remote attacker to bypass security restrictions, cause by a flaw in the SmartScreen component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass the SmartScreen user experience.

CVE-2024-21412 CVSS:8.1

Microsoft Windows could allow a remote attacker to bypass security restrictions, caused by a flaw in the Internet Shortcut Files component. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to bypass security features.

Impact

  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2024-21351
  • CVE-2024-21412

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 x64
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows 10 1809 for x64-based Systems
  • Microsoft Windows 10 1809 for ARM64-based Systems
  • Microsoft Windows 10 x32
  • Microsoft Windows Server (Server Core installation) 2019
  • Microsoft Windows Server (Server Core installation) 2016
  • Microsoft Windows Server (Server Core installation) 2022
  • Microsoft Windows 10 1607 for 32-bit Systems
  • Microsoft Windows 10 1607 for x64-based Systems
  • Microsoft Windows Server 2022
  • Microsoft Windows 10 21H2 for 32-bit Systems
  • Microsoft Windows 10 21H2 for ARM64-based Systems
  • Microsoft Windows 10 21H2 for x64-based Systems
  • Microsoft Windows 11 22H2 for ARM64-based Systems
  • Microsoft Windows 11 22H2 for x64-based Systems
  • Microsoft Windows 10 22H2 for x64-based Systems
  • Microsoft Windows 10 22H2 for 32-bit Systems
  • Microsoft Windows 10 22H2 for ARM64-based Systems
  • Microsoft Windows 11 21H2 for ARM64-based Systems
  • Microsoft Windows 11 21H2 for x64-based Systems
  • Microsoft Windows Server (Server Core installation) 2022 23H2
  • Microsoft Windows 11 23H2 for ARM64-based Systems
  • Microsoft Windows 11 23H2 for x64-based Systems

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2024-21351

CVE-2024-21412