Microsoft has released a patch to address two zero-day vulnerabilities
Microsoft has released a major update that addresses 2 critical zero-day vulnerabilities, as well as a number of other security flaws. The patch solves the problem of proxy driver spoofing and the SmartScreen security feature bypass vulnerability.
Microsoft has released a major update that addresses critical zero-day vulnerabilities. This patch resolves a proxy driver spoofing issue known as CVE-2024-26234 and a SmartScreen security feature bypass vulnerability known as CVE-2024-29988.
The first zero-day vulnerability was discovered in December 2023 by cybersecurity company Sophos. It was identified as a malicious executable file signed with a Microsoft Windows Hardware Compatibility Publisher (WHCP) certificate.
CVE-2024-26234 acts as a backdoor by intercepting and monitoring network traffic, and is associated with LaiXi Android Screen Mirroring software developed by Hainan YouHu Technology Co. Ltd.
The second vulnerability, CVE-2024-29988, is based on an insufficient security patch applied to bug CVE-2024-21412. It uses a special file to bypass Microsoft Defender SmartScreen protection.
Microsoft says that to exploit it, an attacker must convince a user to run malicious files using an application that does not display a user interface. In this case, infected files may be distributed via email or instant messages.
The update also contains fixes for 147 other security flaws, ranging in severity from important to low.
What's Your Reaction?
![Transfer/ Postings Senior Superintendent Police Hyderabad [Notifications]](https://pakweb.pro/uploads/images/202402/image_100x75_65d7bb0f85d5f.jpg)
