Windows Defender Zero-day drops DarkMe malware

2 Posts
1 Users
0 Likes
311 Views
Brandon Lee
(@brandon-lee)
Posts: 543
Member Admin
Topic starter
 

Microsoft addressed a critical vulnerability in the Windows Defender SmartScreen, identified as a zero-day, that was being exploited by a cybercriminal group for financial gains. This group, known as Water Hydra and DarkCasino, utilized the vulnerability, designated CVE-2024-21412, to distribute the DarkMe remote access trojan (RAT). The exploitation of this vulnerability was detected by Trend Micro's security team on New Year's Eve.

The vulnerability allowed unauthenticated attackers to develop and distribute files designed to circumvent security checks displayed by the SmartScreen. Microsoft's security advisory clarifies that while attackers could not directly force users to interact with malicious content, they could persuade users to click on a link to the file.

Peter Girnus, a security researcher at Trend Micro who is credited with identifying this zero-day flaw, highlighted that CVE-2024-21412 serves as a bypass for another vulnerability in Defender SmartScreen, CVE-2023-36025. The earlier vulnerability was patched in November 2023 as part of Microsoft's Patch Tuesday updates. Trend Micro had previously reported that CVE-2023-36025 was exploited to circumvent Windows security prompts for deploying the Phemedrone info-stealer malware through URL files.

This sequence of events underscores the continuous arms race between cybersecurity professionals and threat actors, with vulnerabilities being patched only for new ones to be discovered and exploited in ongoing cyberattacks.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412

 
Posted : 13/02/2024 4:50 pm
Brandon Lee
(@brandon-lee)
Posts: 543
Member Admin
Topic starter
 

If you are looking for a way to easily patch Windows servers in an automated fashion, take a look at the PSWindowsUpdate module. I have written about this in a previous blog post. Take a look at that here:

https://www.virtualizationhowto.com/2023/06/pswindowsupdate-automated-windows-updates-with-powershell/

 
Posted : 13/02/2024 4:52 pm
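As an added example (not code from the forum post or from the linked blog), here is the kind of PSWindowsUpdate run you would schedule on a server to pull the SmartScreen fix and then confirm it landed. The KB number is a placeholder: look up the KB that applies to your OS build in the MSRC entry for CVE-2024-21412 and substitute it. The cmdlet names and parameters used are those of the PSWindowsUpdate module as published on the PowerShell Gallery.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's code: automated patching with PSWindowsUpdate,
# followed by a check that the expected KB is present.

# 1. Install the module once from the PowerShell Gallery if it is missing.
if (-not (Get-Module -ListAvailable -Name PSWindowsUpdate)) {
    Install-Module -Name PSWindowsUpdate -Force -Scope AllUsers
}
Import-Module PSWindowsUpdate

# 2. List what is pending. -MicrosoftUpdate widens the scope beyond Windows Update
#    to other Microsoft products; restrict to security updates for a quick view.
$pending = Get-WindowsUpdate -MicrosoftUpdate -Category 'Security Updates'
$pending | Select-Object KB, Size, Title | Format-Table -AutoSize

# 3. Install everything pending. -AcceptAll answers the EULA prompts so the run
#    is unattended; -IgnoreReboot keeps the server up so the reboot can happen
#    in a maintenance window you control (step 5).
Install-WindowsUpdate -MicrosoftUpdate -Category 'Security Updates' `
    -AcceptAll -IgnoreReboot -Verbose

# 4. Verify the KB that carries the CVE-2024-21412 fix for this build.
#    Placeholder value: take the real KB from the MSRC advisory for your OS.
$kb = 'KB<placeholder>'
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    "$kb is installed"
} else {
    "$kb is NOT installed; recent update history follows"
    Get-WUHistory -Last 10 | Format-Table Date, Result, KB, Title -AutoSize
}

# 5. Reboot only if Windows reports one is required to finish installation.
if (Get-WURebootStatus -Silent) {
    Restart-Computer -Force
}
```

For a fleet, the same sequence runs against remote hosts with the module's `-ComputerName` parameter or by wrapping it in `Invoke-WUJob` so it executes as a scheduled task under SYSTEM on each server; the `Get-HotFix` check at the end is the part worth feeding into your compliance reporting, since a successful `Install-WindowsUpdate` run does not by itself prove the specific KB you care about was applied.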