Copy2Pwn Zero-Day Exploited to Bypass Windows Protections

16-August-24

The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it was only disclosed when the tech giant released the August 2024 Patch Tuesday updates. It was one of the six zero-days disclosed with this round of updates. This threat actor had previously exploited a zero-day tracked as CVE-2024-21412 to bypass Windows protections in attacks aimed at financial market traders. According to Microsoft, the newly patched vulnerability, CVE-2024-38213, can be exploited to bypass Defender SmartScreen, which protects Windows users against phishing, malware and other potentially malicious files downloaded from the internet.

The Copy2Pwn flaw is related to how files coming from WebDAV shares are handled during copy/paste operations. WebDAV, which stands for Web-based Distributed Authoring and Versioning, extends HTTP functionality, including authoring, sharing and versioning. Users can host files on WebDAV shares that are accessible through a web browser or through Windows Explorer.
