Overview

As part of Patch Tuesday, Microsoft has responded to security concerns by providing fixes for a total of 72 vulnerabilities, including two zero-day vulnerabilities, CVE-2024-21412 and CVE-2024-21351. Both vulnerabilities are being actively exploited by attackers.

CVE-2024-21412 (CVSS 9.1) allows attackers to bypass the Microsoft Defender SmartScreen security feature using manipulated Internet Shortcut files. This vulnerability was initially discovered by a Trend Micro researcher in late December 2023. The exploit, used by the Water Hydra APT group, involves luring victims through spearphishing campaigns on forex and stock trading forums. Victims are tricked into downloading seemingly harmless image files, which are, in fact, malicious Internet Shortcut files leading to the deployment of DarkMe malware.  

The second vulnerability, CVE-2024-21351 (CVSS 7.6), involves a bypass of the Windows SmartScreen security feature, allowing attackers to execute code and potentially expose data or disrupt system availability. Details about the exploit's origin and prevalence have not been disclosed by Microsoft. Avertium encourages all system administrators to patch as soon as possible.  

Avertium's Recommendations

Indicators of Compromise (IoCs)

CVE-2024-21412 

MD5 

  • 409e7028f820e6854e7197cbb2c45d06 
  • 93daa51c8af300f9948fe5fd51be3bfb 

SHA1 

  • a2ba225442d7d25b597cb882bb400a3f9722a5d4 
  • d41c5a3c7a96e7a542a71b8cc537b4a5b7b0cae7 

IPv4 

  • 84.32.189.74 
  • 179.43.172.127 
  • 179.43.172.191 
  • 64.31.63.194 
  • 64.31.63.70 

Domain 

  • 87iavv.com 
  • fxbulls.ru 
  • p2oaviwt39ui.com 
  • unfawjelesst322.com 

CVE-2024-21351 

  • At this time, there are no known IoCs associated with CVE-2024-21351. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

How Avertium is Protecting Our Customers

  • Expanding endpoints, cloud computing environments, and accelerated digital transformation have decimated the perimeter in an ever-expanding attack surface. Avertium offers Attack Surface Management, so you’ll have no more blind spots, weak links, or fire drills. See every threat in your attack surface, every device, every entry point, and every vulnerability. Our Attack Surface Management services include:  
    • Risk Assessments 
    • Pen Testing and Social Engineering  
    • Infrastructure Architecture and Integration  
    • Zero Trust Network Architecture 
    • Vulnerability Management 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 

Supporting Documentation

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) - Help Net Security 

Microsoft squashes security bugs under active exploitation • The Register 

CVE-2024-21412 - Security Update Guide - Microsoft - Internet Shortcut Files Security Feature Bypass Vulnerability 

CVE-2024-21351 - Security Update Guide - Microsoft - Windows SmartScreen Security Feature Bypass Vulnerability 
