Trend Micro’s Zero Day Initiative (ZDI) has detailed a recently patched zero-day vulnerability that cybercriminals have exploited to bypass Windows protections.
The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it was only disclosed when the tech giant released the August 2024 Patch Tuesday updates. It was one of the six zero-days disclosed with this round of updates.
ZDI’s threat hunting team discovered CVE-2024-38213 during its analysis of attacks conducted as part of a campaign named DarkGate by a threat group tracked as Water Hydra and DarkCasino.
This threat actor had previously exploited a zero-day tracked as CVE-2024-21412 to bypass Windows protections in attacks aimed at financial market traders.
https://www.securityweek.com/copy2pwn-zero-day-exploited-to-bypass-windows-protections/