This article covers recent vulnerabilities found to be actively exploited. They are categorised not only by the category of exploitation, but also by their impact and the versions affected. The article also describes any official fix and remediation guidance for the listed vulnerabilities.
Category: Bypass Or Failure Of Protection Mechanism
Affected Desktop Operating Systems:
Affected Server Operating Systems:
SmartScreen contains a user interface security vulnerability that allows attackers to bypass intended user interface warnings of dangerous operations. This vulnerability is related to CVE-2024-21412, which was discovered in the wild and first addressed in February. The first patch did not completely resolve the second part of that exploit chain. An attacker could exploit this vulnerability by convincing a victim to open a malicious file (e.g. using social engineering tactics such as an external link or malicious attachment sent over email, instant messages or social media).
You can help protect your system by installing the security update from Microsoft.
This update will be downloaded and installed automatically from Windows Update, and will automatically sync for customers using Windows Server Update Services (WSUS). To get the standalone package for this update, go to the Microsoft Update Catalog website.
Install the update, and refer to the advisory for any further configuration that may be required. After you install this update, you may have to restart your system.
NOTE: Remediation of this vulnerability by patching to a specific version indicated may not be sufficient to secure the product against further vulnerabilities discovered in later versions, subsequent to the publication of this guidance. Unless contra-indicated, customers are therefore advised to always upgrade to the latest version of the product available.
AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations' websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).