Will Dormann on Nostr: This month's Patch Tuesday addresses a MotW bypass: CVE-2024-38213 Of interest: 1) ...
This month's Patch Tuesday addresses a MotW bypass: CVE-2024-38213
Of interest:
1) Microsoft mentions a SmartScreen bypass, but no mention of Smart App Control (SAC). They do know that SAC is a thing, right?
2) It's a completely different vulnerability credited to Trend Micro. Apparently called copy2pwn, as it involves copy and paste in the attack.
Apparently the Elastic Security labs issue, which doesn't require copy and paste, is not important enough to fix. Or give a CVE to. 🤷♂️
https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2024-38213
Of interest:
1) Microsoft mentions a SmartScreen bypass, but no mention of Smart App Control (SAC). They do know that SAC is a thing, right?
2) It's a completely different vulnerability credited to Trend Micro. Apparently called copy2pwn, as it involves copy and paste in the attack.
Apparently the Elastic Security labs issue, which doesn't require copy and paste, is not important enough to fix. Or give a CVE to. 🤷♂️
https://msrc.microsoft.com/update-guide/en-us/advisory/CVE-2024-38213