Analysis of a Flaw in Microsoft's Patch for "-copy2pwn"- (CVE-2024-38213) - #CVE-2024-38213
A critical Windows vulnerability, CVE-2024-38213 known as "Copy2Pwn," allowed attackers to bypass the Mark-of-the-Web (MotW) security feature by exploiting WebDAV file handling. Discovered by Trend Micro's Zero Day Initiative while investigating DarkGate malware campaigns, this zero-day flaw enabled malicious files to evade Windows Defender SmartScreen and Microsoft Office Protected View. Active exploitation began in March 2024, with threat actors like Water Hydra using it to distribute malware. Microsoft addressed the issue in their June 2024 Patch Tuesday update, but initial attempts to fix the vulnerability were incomplete. A subsequent update and micropatch for legacy systems were released to fully resolve the security risk, highlighting the importance of prompt patching and continuous threat hunting in cybersecurity.