CISA Adds Two Microsoft Windows Bugs to Its Known Exploited Vulnerabilities Catalog

February 15, 2024

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. These additions follow the release of Microsoft's February 2024 Patch Tuesday updates, which addressed a total of 72 vulnerabilities, including the two actively exploited ones.

The first vulnerability, CVE-2024-21412, is an Internet Shortcut Files Security Feature Bypass Vulnerability with a CVSS score of 8.1. This flaw allows an unauthenticated attacker to bypass security checks by sending a victim a specially crafted file. The victim must be tricked into clicking the file link to trigger the flaw.

The second vulnerability, CVE-2024-21351, is a Windows SmartScreen Security Feature Bypass Vulnerability with a CVSS score of 7.6. This flaw can be triggered by an authorized attacker to bypass the SmartScreen user experience by sending a malicious file to the user and convincing them to open it.

Trend Micro researchers have reported that the APT group Water Hydra used the CVE-2024-21412 flaw in a zero-day attack chain. Researcher Will Dormann suggests that this flaw results from a partial fix of another vulnerability, CVE-2023-36025, which did not account for a .URL file pointing to another .URL file.
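A defender-side check for the pattern Dormann describes, as an added example that is not from the article, CISA, or Microsoft: it parses Internet Shortcut files and flags any whose `URL=` target is itself a .URL file. The function names, sample contents and `example.test` hosts are constructed for illustration, and a hit is a triage lead rather than proof of exploitation.

```python
from pathlib import Path
from urllib.parse import unquote, urlsplit

# Constructed sample contents; the hosts are placeholders.
SAMPLE_CHAINED = "[InternetShortcut]\r\nURL=file://files.example.test/share/second.url\r\nIconIndex=0\r\n"
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://www.example.test/docs/index.html\n"

def decode(data):
    """Shortcut files appear as UTF-16 (with BOM) or as 8-bit text."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")

def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None

def points_to_shortcut(target):
    """True when the target's final path component names another .url file."""
    if not target:
        return False
    t = target.replace("\\", "/")              # normalise UNC and Windows paths
    try:
        path = urlsplit(t).path if "://" in t else t   # drops ?query and #fragment
    except ValueError:
        path = t
    name = unquote(path).rsplit("/", 1)[-1].rstrip(" .")  # Windows ignores trailing dots/spaces
    return name.lower().endswith(".url")

def scan(root):
    """Return (file, target) pairs for every chained shortcut under root."""
    hits = []
    for p in Path(root).rglob("*"):
        try:
            if p.is_file() and p.suffix.lower() == ".url":
                target = shortcut_target(decode(p.read_bytes()))
                if points_to_shortcut(target):
                    hits.append((str(p), target))
        except OSError:
            continue                            # unreadable file or directory entry
    return hits

if __name__ == "__main__":
    import sys
    for path, target in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path} -> {target}")
```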

Under Binding Operational Directive (BOD) 22-01, "Reducing the Significant Risk of Known Exploited Vulnerabilities", Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by a specified due date to protect their networks from attacks exploiting the flaws in the catalog. CISA has ordered federal agencies to fix these vulnerabilities by March 5, 2024. Experts also recommend that private organizations review the catalog and address the vulnerabilities in their own infrastructure.
