Copy2Pwn Vulnerability Bypasses Windows Protections - #CVE-2024-38213
A critical vulnerability tracked as CVE-2024-38213, also known as 'copy2pwn', has been actively exploited by threat actors since March 2024. Trend Micro's Zero Day Initiative discovered it during an investigation into the DarkGate malware campaign. The zero-day flaw allows attackers to bypass the Windows SmartScreen filter by persuading users to open malicious files. The exploit allows files to be copied locally from a WebDAV server without triggering the Mark-of-the-Web (MotW) security warning, which evades Windows Defender SmartScreen and Microsoft Office Protected View checks. Microsoft addressed the vulnerability in the June 2024 Patch Tuesday update. The discovery underlines the need for constant threat hunting and vulnerability research to identify and mitigate new attack vectors before they are widely exploited. Separately, Elastic Security Labs revealed a design flaw in Windows Smart App Control and SmartScreen that has been exploited since 2018 and that Microsoft may fix in future updates.
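A defender-side check for the missing-MotW condition described above, as an added example that is not code from Trend Micro, Microsoft or the original page: it parses the `Zone.Identifier` alternate data stream in which Windows stores the MotW and flags risky file types that carry no Internet-zone mark. The extension list, function names and sample data are assumptions constructed for illustration.

```python
import configparser
import os

# Assumption: extensions worth triaging when they lack a mark; tune locally.
RISKY_EXT = {".exe", ".msi", ".lnk", ".url", ".js", ".vbs", ".hta", ".docm"}

def read_stream(path):
    """Read the Zone.Identifier alternate data stream (NTFS); None if absent."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8-sig") as fh:
            return fh.read()
    except OSError:
        return None

def parse_motw(stream_text):
    """Return (zone_id, host_url); (None, None) if missing or malformed."""
    if not stream_text:
        return None, None
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(stream_text)
        zone = cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None, None
    return zone, cp.get("ZoneTransfer", "HostUrl", fallback=None)

def triage(name, stream_text):
    """'marked' = Internet/Restricted mark present; 'review' = risky type without it."""
    zone, _ = parse_motw(stream_text)
    if zone is not None and zone >= 3:  # 3 = Internet, 4 = Restricted Sites
        return "marked"
    ext = os.path.splitext(name)[1].lower()
    return "review" if ext in RISKY_EXT else "ok"

# Constructed sample data, not taken from any real incident.
SAMPLES = [
    ("invoice.lnk", None),
    ("setup.exe", "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example/setup.exe\r\n"),
    ("notes.txt", None),
    ("report.docm", "[ZoneTransfer]\r\nZoneId=garbage\r\n"),
]

def scan(samples):
    """Return (name, verdict) for each (name, stream_text) pair."""
    return [(name, triage(name, text)) for name, text in samples]

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES):
        print(f"{verdict:7} {name}")
```

On an NTFS volume, pass `read_stream(path)` as the second argument to `triage`. A "review" verdict is a triage lead rather than proof of compromise, since locally created files also carry no mark.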