#zeorday — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #zeorday, aggregated by home.social.

  1. @TheDustinChilds of Zero Day Initiative alleges that CVE-2024-29988 (8.8 high) was also exploited in the wild and should be marked an exploited zero-day 🔗 zerodayinitiative.com/blog/202

    This is an odd one, as a ZDI threat researcher found this vulnerability being in the wild, although Microsoft currently doesn’t list this as exploited. I would treat this as in the wild until Microsoft clarifies. The bug itself acts much like CVE-2024-21412 – it bypasses the Mark of the Web (MotW) feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass MotW.

    cc:@todb

    #zeorday #CVE_2024_29988 #PatchTuesday #Microsoft #vulnerability #eitw #activeexploitation #motw