A severe vulnerability (CVE-2024-21412) has been found in the Windows SmartScreen security feature that attackers can exploit to execute malicious software without triggering security warnings.
This vulnerability is being actively exploited by several threat groups, including the notorious Water Hydra, which use Extended Validation certificates to deceive users into trusting malicious files, allowing the groups to stealthily deploy malware on victims’ computers.
The cyber security firm KXI Digital found the flaw and reported that the threat actors were able to use their methods to get around Microsoft’s code signing requirements.
Furthermore, the researchers warned that due to the flaw’s ease of exploitation and the accessibility of EV certificates, it might soon become a favorite infection route for malware distributors.
In order to avoid potential exploitation, users and organizations are advised to update their systems as soon as Microsoft releases a patch.