According to Google’s Threat Analysis Group, thieves are using a Microsoft SmartScreen bug to spread Magniber ransomware, potentially infecting hundreds of thousands of computers, without setting off any security alarms (TAG). The in-the-wild vulnerability was found by TAG, and it was reported to Microsoft last month. During its weekly Patch Tuesday event, Redmond has now corrected the Windows-Office vulnerability, identified as CVE-2023-24880.
It’s connected to the CVE-2022-44698 Windows SmartScreen security feature bypass vulnerability, which Microsoft patched in December, but not before criminals discovered it and used it to spread the same malware.