Zero-Day Vulnerability CVE-2024-21412 in Windows LNK File System Exploited by Government-Linked APT Groups Since 2017
Hacker attacks and Malware: latest news and in-depth analysisNewscurrent events and analysis Cyber security and privacyApplicationsAPTCybercrimeHackermalwarephishingsocial engineeringvulnerabilitiesZero day
The zero-day vulnerability CVE-2024-21412 in the Windows LNK file management system has been exploited since 2017 by 11 government-linked APT groups. This flaw allows bypassing Microsoft Defender SmartScreen, highlighting the limitations of patches and the importance of a proactive approach to cybersecurity. The vulnerability has been used for seven years, underscoring the need for increased vigilance in managing security updates.