ZDI recently discovered vulnerability CVE-2024-21412, a Microsoft Defender SmartScreen bypass that enables threat actors to initiate attacks on Windows machines.

This vulnerability, which we track as ZDI-CAN-23100, was used as part of a sophisticated zero-day attack chain by the advanced persistent threat (APT) group we track as Water Hydra (a.k.a DarkCasino), which previously targeted financial market traders. 

In December 2023, our researchers observed that CVE-2024-21412 was being exploited in the wild by Water Hydra and, even more recently, our researchers discovered a second, unidentified group trying to exploit it as well. 

Section 1 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 1 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Peter Girnus
Senior Threat Researcher, Trend Micro Zero Day Initiative (ZDI)

Aliakbar Zahravi
Malware Reverse Engineer and Team Lead, Trend Micro

Dustin Childs
CISSP, Head of Threat Awareness, Trend Micro Zero Day Initiative (ZDI)

Tom Bouathong
Principal Sales Engineer, Trend Vision One™

Gain insight into: 

• The Microsoft Defender SmartScreen CVE-2024-21412 vulnerability
• How you can protect your organization from other zero-day vulnerabilities
• How Trend Micro customers have been protected since January 17

Additional insights:

• Get all resources on the SmartScreen vulnerability
• Video: Vulnerability Overview
• Trend™ Research blog: SmartScreen Vulnerability: CVE-2024-21412 Facts and Fixes
• Trend Micro™ Zero Day Initiative™ (ZDI) blog: The February 2024 Security Update Review

Section 3 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 3 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 1. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 1. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.