Microsoft Fixed Zero-Day Vulnerability in Windows Systems

TapTechNews August 14th news, Microsoft Corporation today released a security bulletin stating that in the cumulative update released in June this year, it fixed the zero-day vulnerability in the Windows 11 and Windows 10 systems. Hackers can use the Mark of the Web tag to bypass SmartScreen screening.

SmartScreen is a security feature introduced in Windows 8, which can protect users from potential malicious software attacks when opening downloaded files with the Network Marked (MotW) tag.

TapTechNews note: The security vulnerability tracking number of this bulletin is CVE-2024-38213, which can be remotely exploited in a low-complexity attack, but this vulnerability still requires user interaction, so the chance of successful invasion is not large.

Microsoft stated in the security bulletin: An attacker who successfully exploits this vulnerability can bypass the SmartScreen user experience. The attacker must send a malicious file to the user and convince them to open the file.

Although the vulnerability is more difficult to exploit, Peter Girnus, a Trend Micro security researcher, said that hackers have been found to launch attacks using this vulnerability as early as March this year.

Related reading:

Fixed, Microsoft SmartScreen was exposed to a vulnerability: used to distribute DarkGate malicious software