Trend Micro Discovers Actively Exploited Vulnerability Affecting Millions of Users: Customers Already Protected
Bug allowing attackers to bypass critical protections uncovered by Trend's Zero Day Initiative
Trend discovered the vulnerability on
This (CVE-2024-21412) is an active zero-day vulnerability that was disclosed by
Trend protects its customers by issuing virtual patches an average of 51 days before patches are released, including this zero-day for Microsoft. For all other vendors, the average time to actually protect their customers was 96 days. Trend estimates that customers who applied all virtual patches in 2023 saved an average of
Mark Houpt, CISO, Databank: "We have experienced first-hand the advantages of being under the protective umbrella of
When a new zero-day vulnerability is discovered, Trend responsibly discloses to the vendor. Trend customers then benefit from virtual patching to protect their systems from exploitation until an official patch can be applied.
The critical risk is that vulnerabilities can be exploited by bad actors targeting any number of industries or organizations. This one is being actively exploited by the financially motivated APT group to compromise foreign exchange traders participating in the high-stakes currency trading market.
Specifically, it's used in a sophisticated zero-day attack chain to enable a Windows Defender SmartScreen bypass. Attacks are designed to infect victims with the DarkMe remote access trojan (RAT) for potential data theft and ransomware.
Using layers of defense to mitigate advanced threats, Trend's intrusion prevention system (IPS) capabilities delivered virtual patching by completely blocking the exploitation of CVE-2024-21412.
Trend Vision One™ automatically identifies critical vulnerabilities and provides visibility into all affected endpoints and their possible impact on an organization's overall risk. Trend's proactive approach to risk management reduces the need for last-minute reactive measures on "disclose day" and ensures customers are well-prepared to mitigate risks with confidence.
By contrast, organizations relying solely on a legacy endpoint detection and response (EDR) approach may be left exposed to the threat if their attackers use advanced techniques to avoid detection.
The power of the ZDI, the world's largest vendor-agnostic bug bounty program, to find and then feed intelligence into virtual patching has become increasingly important in light of two key trends identified by Trend:
- The zero-day vulnerabilities discovered by cybercrime groups are increasingly deployed in attack chains by nation-state groups like APT28, APT29, and APT40, broadening their reach.
- CVE-2024-21412 is itself a simple bypass of CVE-2023-36025, highlighting how easily APT groups can identify and circumvent narrow vendor patches.
To see more on the value of this news, please visit: https://www.youtube.com/watch?v=yY08S4-aICA
To read more technical information on how this occurred, please visit : https://www.trendmicro.com/en_us/
About
View original content:https://www.prnewswire.com/news-releases/trend-micro-discovers-actively-exploited-vulnerability-affecting-millions-of-users-customers-already-protected-302061023.html
SOURCE