Patch Tuesday February 2024 today and Microsoft released fixes for 72 CVE-numbered Windows 11 23H2 and 22H2 (KB5034765) vulnerabilities, along with two zero-days (CVE-2024-21412, CVE-2024-21351) that are already being used by malicious users.
Η CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen security feature with trapped Shortcut files with web addresses.
In late December 2023, Trend Micro researcher Peter Girnus and his colleagues in the ZDI Threat Hunting team discovered the Water Hydra APT exploiting the flaw to infect victims with the DarkMe malware.
Several other researchers, including two from Google's threat analysis team, later reported the same vulnerability to Microsoft.
Η CVE-2024-21351 allows bypassing the Windows SmartScreen security feature, which can be exploited to deliver malware by convincing potential victims to open a trapped file.
"The vulnerability allows malicious users to inject code into SmartScreen and potentially execute it, which could potentially lead to data exposure, system unavailability, or both," Microsoft said.
If you are using Windows, it would be a good idea to update.
You can download the update from Microsoft Catalog