IT-DRAFTS
April 10, 2024

Microsoft has fixed two zero-day vulnerabilities

Microsoft has addressed two zero-day security vulnerabilities in Windows that have been used in real-world attacks.

Microsoft has fixed two actively exploited zero-day vulnerabilities as part of the Patch Tuesday release on April 9th, 2024. Although the company did not initially recognize these vulnerabilities as such, they were identified and addressed in the latest update.

CVE-2024-26234: Proxy Driver Forgery
A vulnerability, registered under the identifier CVE-2024-26234, was identified as a proxy driver forgery. The vulnerability was found when tracking a malicious file that was signed using a valid Microsoft Hardware Publisher certificate. This file was discovered by Sophos X-Ops in December 2023 and was designated as the “Catalog Authentication Client Service” from the “Thales Catalog”.
Further investigation revealed that this file is likely an attempt to impersonate the Thales group, as it was previously linked to LaiXi, a marketing software for Android screen mirroring.

After the initial publication of the security bulletin, Redmond updated the exploitation status of CVE-2024-26234 to confirm that the vulnerability had been used in real-world attacks and had been publicly disclosed. Other malicious drivers signed with legitimate WHCP certificates had previously been reported in July 2023 and December 2022, but at that time Microsoft published security advisories instead of assigning CVE IDs.

CVE-2024-29988: Bypassing the Mark of the Web Protection
A second zero-day vulnerability, which Microsoft patched quietly, has been registered as CVE-2024-29988. It is described as a flaw that allows the SmartScreen security feature to be bypassed and is caused by a failure in the protection mechanism.
CVE-2024-29988 is related to CVE-2024-21412 and was disclosed by Peter Girnus from Trend Micro’s Zero Day Initiative, as well as Dmitry Lenz and Vlad Stolyarov from Google’s Threat Analysis Group. Dustin Childs, Head of Threat Awareness at ZDI, noted that the vulnerability has been actively used in attacks to deploy malware on Windows systems after bypassing detection mechanisms such as EDR/NDR and the Mark of the Web (MotW).

The financially motivated hacking group Water Hydra exploited CVE-2024-29988 and CVE-2024-21412, a zero-day vulnerability that was used on New Year’s Eve, to attack Forex trading forums and stock trading channels on Telegram. They did this through spear-phishing attacks that deployed the DarkMe remote access Trojan (RAT). CVE-2024-21412 was itself a bypass of the fix for another vulnerability, CVE-2023-36025, which was patched in November 2023 and had been exploited by the Ephemeral malware.
On April 9th, 2024, Microsoft released security patches for 150 vulnerabilities as part of Patch Tuesday. 67 of these were remote code execution vulnerabilities.
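Because SmartScreen only inspects files that carry the Mark of the Web, a practical defender-side check after such a bypass is to look for recently downloaded files that lack it. The following PowerShell script is an added example, not code from the original post; it reads the Zone.Identifier alternate data stream that stores MotW, and the Downloads folder path is an assumption.

```powershell
# Added example: audit files in a folder for the Mark of the Web (MotW).
# MotW lives in the Zone.Identifier alternate data stream; ZoneId=3 means
# the file came from the Internet zone, which is what SmartScreen looks for.
# $Folder is an assumed location; point it at any directory holding downloads.
param(
    [string]$Folder = "$env:USERPROFILE\Downloads"
)

function Get-MotWStatus {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $status = [pscustomobject]@{
        Path        = $File.FullName
        HasMotW     = $false
        ZoneId      = $null
        ReferrerUrl = $null
        HostUrl     = $null
    }

    # Get-Item -Stream errors when the stream is absent, so probe quietly.
    $stream = Get-Item -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $stream) { return $status }

    $status.HasMotW = $true
    $content = Get-Content -LiteralPath $File.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $content) {
        if     ($line -match '^ZoneId=(\d+)')     { $status.ZoneId      = [int]$Matches[1] }
        elseif ($line -match '^ReferrerUrl=(.+)') { $status.ReferrerUrl = $Matches[1] }
        elseif ($line -match '^HostUrl=(.+)')     { $status.HostUrl     = $Matches[1] }
    }
    return $status
}

# Recently written files with no MotW, or with a zone below Internet, deserve a look:
# a downloaded executable without a Zone.Identifier stream never reaches SmartScreen.
# A stream that exists but has no ZoneId line is also reported (null compares below 3).
$cutoff = (Get-Date).AddDays(-7)
Get-ChildItem -LiteralPath $Folder -File -Recurse |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    ForEach-Object { Get-MotWStatus -File $_ } |
    Where-Object { -not $_.HasMotW -or $_.ZoneId -lt 3 } |
    Format-Table Path, HasMotW, ZoneId, HostUrl -AutoSize
```

Files copied from removable media or extracted by archivers that strip alternate data streams will also appear in the output, so treat a hit as a prompt for review rather than proof of a bypass.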
