Read more: www.cisa.gov
A critical zero-day vulnerability impacting Windows Smart App Control (SAC) and SmartScreen security features, identified as CVE-2024-38217, has been actively exploited since at least 2018. This vulnerability allows attackers to bypass Windows security features and execute malicious code on systems. This vulnerability was patched in Microsoft’s September 2024 Patch Tuesday update. Organizations running vulnerable versions of Windows 10 and 11 must update their systems to the latest versions as soon as possible to mitigate this risk. This vulnerability highlights the importance of promptly applying security updates from vendors to avoid potential attacks.