Microsoft fixes Windows zero-day exploited in ransomware attacks

Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags.

The attackers have been using malicious MSI files signed with a specially crafted Authenticode signature to exploit this security feature bypass vulnerability (tracked as CVE-2023-24880).

Read more…
Source: Bleeping Computer

Related story: Microsoft fixes Outlook zero-day used by Russian hackers since April 2022