{"id":55319,"date":"2024-02-14T01:47:58","date_gmt":"2024-02-14T01:47:58","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/"},"modified":"2024-02-14T01:47:58","modified_gmt":"2024-02-14T01:47:58","slug":"crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/","title":{"rendered":"Crims found and exploited these two Microsoft bugs before Redmond fixed &#8217;em"},"content":{"rendered":"<p><span class=\"label\">Patch Tuesday<\/span> Microsoft fixed 73 security holes in this February&#8217;s Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.<\/p>\n<p>Of the whole bundle five are rated critical and two others, rated important and moderate threats, are the pair being exploited in the wild.<\/p>\n<p>First up: <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21412\">CVE-2024-21412<\/a>, an internet shortcut file security feature bypass vulnerability that earned an 8.1-out-of-10 CVSS severity rating though Redmond only considers it important. 
After a user clicks on a maliciously crafted shortcut file on a vulnerable Windows machine, the file can start the next stage of an attack without causing security checks to appear on the screen.<\/p>\n<p>Trend Micro&#8217;s Zero Day Initiative researchers were among those to spot the bug and report it to Redmond. 
According to Trend\u2019s researchers, a financially motivated gang it tracks as Water Hydra (aka DarkCasino) <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/24\/b\/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html\">abused<\/a> this bypass flaw to trick financial traders into ultimately infecting their PCs with DarkMe \u2013 a remote-access trojan seeded in forex trading forums and stock trading Telegram channels.<\/p>\n<p>This same crew previously used the WinRAR code execution vulnerability <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-38831\">CVE-2023-38831<\/a> months before it was disclosed, again to target stock traders with the same malware. Shortly thereafter, <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/12\/06\/fancy_bear_phishing_microsoft\/\" rel=\"noopener\">Russian<\/a> and <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/10\/18\/china_russia_winrar\/\" rel=\"noopener\">Chinese crews<\/a> joined in and <em>The Register<\/em> expects to see a similar pile-on with CVE-2024-21412. So patch this one ASAP.<\/p>\n<p>The second Microsoft vulnerability that&#8217;s under active exploit (also rated moderate), <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/advisory\/CVE-2024-21351\">CVE-2024-21351<\/a>, is a Windows SmartScreen security feature bypass vulnerability that earned a 7.6 CVSS rating. 
We don&#8217;t know who is exploiting this bug, nor how widespread the attacks are \u2013 Microsoft rarely provides any insight into either of these things.<\/p>\n<p>Windows uses Mark of the Web as a security feature to identify files downloaded from the internet, which when opened triggers a SmartScreen check. 
This SmartScreen bypass bug could allow an attacker to &#8220;inject code into SmartScreen and potentially gain code execution, which could potentially lead to some data exposure, lack of system availability, or both,&#8221; according to Redmond.<\/p>\n<p>Exploitation would turn SmartScreen on its own users, therefore.<\/p>\n<p>As for the critical flaws:<\/p>\n<ul>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21380\">CVE-2024-21380<\/a>: Microsoft Dynamics Business Central information disclosure, in that an authenticated user could trick a fellow user into clicking on a link that could lead to the leakage of account data and more.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21410\">CVE-2024-21410<\/a>: Elevation of privilege in Microsoft Exchange Server, which can be exploited by a remote unauthenticated miscreant to impersonate users. 
Patching this requires <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/released-2024-h1-cumulative-update-for-exchange-server\/ba-p\/4047506\">extra steps<\/a>.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21413\">CVE-2024-21413<\/a>: Remote code execution in Microsoft Office, in that protected view can be bypassed leading &#8220;to the leaking of local NTLM credential information and remote code execution.&#8221;<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-20684\">CVE-2024-20684<\/a>: Denial-of-service in Windows Hyper-V.<\/li>\n<li><a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2024-21357\">CVE-2024-21357<\/a>: Remote code execution in Windows Pragmatic General Multicast.<\/li>\n<\/ul>\n<p>The Zero Day Initiative has a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.zerodayinitiative.com\/blog\/2024\/2\/13\/the-february-2024-security-update-review\">full rundown here<\/a>.<\/p>\n<h3 class=\"crosshead\">Adobe February updates<\/h3>\n<p>Adobe released <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security.html\">six patches<\/a> that fix 29 vulnerabilities in its Commerce, Acrobat and Reader, FrameMaker Publishing Server, Audition, Substance 3D Painter, and Substance 3D Designer products.<\/p>\n<p>Two of the patches fix critical remote code execution (RCE) vulnerabilities present in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/magento\/apsb24-03.html\">Commerce<\/a> and in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/helpx.adobe.com\/security\/products\/acrobat\/apsb24-07.html\">Acrobat and Reader<\/a>. 
Luckily, none of these CVEs appear to have been found, or exploited, before Adobe issued fixes.<\/p>\n<h3 class=\"crosshead\">SAP stamps out 16 Security Notes<\/h3>\n<p>SAP released <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/february-2024.html\">16 Security Notes<\/a> \u2013 13 of which are new and the other three representing updates to earlier patches. SAP has its own threat ranking system and labels two fixes as HotNews and six as High Priority Notes, with the rest being considered medium or low risk.<\/p>\n<p>The only fresh HotNews Note, #3420923, addresses a critical code injection vulnerability in cross-application component SAP_ABA that received a CVSS score of 9.1 out of ten.<\/p>\n<p>The other HotNews Note this month is a recurring fix for the most recent Chromium vulnerabilities (33 in total) for SAP Business Client.<\/p>\n<h3 class=\"crosshead\">Intel fixes everything<\/h3>\n<p>Intel joined the February patch party with a whopping <a 
target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/default.html\">35 advisories<\/a> addressing 79 CVEs. None are rated critical, and none seem to have been exploited in the wild.<\/p>\n<p>Twenty of these vulnerabilities \u2013 including three high-rated bugs \u2013 are in <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00851.html\">Intel Thunderbolt Declarative Componentized Hardware drivers for Windows<\/a>, and exploiting them could lead to escalation of privileges by an attacker, denial of service, and\/or information disclosure.<\/p>\n<p>Intel also sounded the alarm on three high-rated escalation of privilege vulnerabilities in some <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00930.html\">Arm Development Studio for Intel System-on-a-Chip FPGA software<\/a>. 
There&#8217;s also one high-rated improper access control flaw in some <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.intel.com\/content\/www\/us\/en\/security-center\/advisory\/intel-sa-00947.html\">Intel PROSet\/Wireless and Intel Killer Wi-Fi software<\/a> that may allow an unauthenticated user to cause a denial of service attack via local access.<\/p>\n<p>We should also mention: AMD has <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-8002.html\">patched<\/a> a flaw in the RSA authentication mechanism of its UltraScale and UltraScale+ FPGAs, which can be exploited to inject unauthorized bitstreams into arrays; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-3007.html\">two<\/a> SEV firmware vulnerabilities that potentially affect the security of guest VMs on shared hosts; <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-7009.html\">four<\/a> low-level processor holes, the worst of which could result in privilege escalation; and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.amd.com\/en\/resources\/product-security\/bulletin\/amd-sb-5001.html\">20 flaws<\/a> in its embedded CPU products.<\/p>\n<h3 class=\"crosshead\">Cisco updates some earlier alerts<\/h3>\n<p>Cisco, so far this month, has issued <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/publicationListing.x\">four security advisories<\/a> addressing six CVEs. 
This includes an updated fix for <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-clamav-hDffu6t\">CVE-2024-20290<\/a> \u2013 a 7.5-rated vulnerability in the OLE2 file format parser of ClamAV that could allow an unauthenticated remote attacker to cause a denial of service condition.<\/p>\n<p>And yesterday, the networking giant <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-expressway-csrf-KnnZDMj3\">updated an advisory<\/a> addressing three vulnerabilities \u2013 collectively rated 9.6 \u2013 in the Cisco Expressway series unified comms kit. The flaws could allow an unauthenticated, remote attacker to conduct cross-site request forgery infiltration.<\/p>\n<h3 class=\"crosshead\">And \u2026 Android<\/h3>\n<p>Finally, earlier this month Google addressed about 30 CVEs in its <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-02-01\">February Android security bulletin<\/a>.<\/p>\n<p>The most serious of the bunch, CVE-2024-0031, is &#8220;a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,&#8221; the Chocolate Factory warned. 
\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/02\/14\/patch_tuesday_feb_2024\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>SAP, Adobe, Intel, AMD also issue fixes as well as Google for Android Patch Tuesday\u00a0 Microsoft fixed 73 security holes in this February&#8217;s Patch Tuesday, and you better get moving because two of the vulnerabilities are under active attack.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-55319","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Crims found and exploited these two Microsoft bugs before Redmond fixed &#039;em 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Crims found and exploited these two Microsoft bugs before Redmond fixed &#039;em 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-02-14T01:47:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Crims found and exploited these two Microsoft bugs before Redmond fixed &#8217;em\",\"datePublished\":\"2024-02-14T01:47:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/\"},\"wordCount\":960,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/\",\"name\":\"Crims found and exploited these two Microsoft bugs before Redmond fixed 'em 2026 | 
ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-02-14T01:47:58+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/patches&amp;sz=300x50%7C300
x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crims found and exploited these two Microsoft bugs before Redmond fixed &#8217;em\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Crims found and exploited these two Microsoft bugs before Redmond fixed 'em 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/","og_locale":"en_US","og_type":"article","og_title":"Crims found and exploited these two Microsoft bugs before Redmond fixed 'em 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-02-14T01:47:58+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Crims found and exploited these two Microsoft bugs before Redmond fixed &#8217;em","datePublished":"2024-02-14T01:47:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/"},"wordCount":960,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/","url":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/","name":"Crims found and exploited these two Microsoft bugs before Redmond fixed 'em 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2024-02-14T01:47:58+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/patches&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Zcwx9l@Xw@ZzmJHomMdLgQAAAoo&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbLis
t","@id":"https:\/\/www.threatshub.org\/blog\/crims-found-and-exploited-these-two-microsoft-bugs-before-redmond-fixed-em\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Crims found and exploited these two Microsoft bugs before Redmond fixed &#8217;em"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55319","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=55319"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/55319\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=55319"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=55319"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=55319"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}