Mitigation Instructions for Microsoft Windows CVE-2024-21412

SUBJECT: Mitigate Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability (CVE-2024-21412)

TECH STACK:  Microsoft Windows (all supported versions)

DATE(S) ISSUED:  02/13/2024

NVD Last Modified: 02/14/2024

CRITICALITY: High (CVSS Score: 8.1) - Microsoft considers this vulnerability actively exploited.

OVERVIEW: 

This document outlines mitigation steps to address a vulnerability (CVE-2024-21412) in Microsoft Windows that allows attackers to bypass security features associated with internet shortcut files (.url files). This could potentially allow attackers to execute malicious code on your system.

MITIGATION INSTRUCTIONS:

• Install Security Updates:

• This is the recommended and most effective mitigation.
• Apply the latest security updates from Microsoft as soon as possible. These updates are expected to address this vulnerability. You can check for updates through Windows Update or the Microsoft Security Response Center (MSRC) website:

• Disable Automatic Opening of Unidentified Files:

• Configure your system to prompt you before opening downloaded .url files, especially those from untrusted sources. This can be done through your file association settings.

• Exercise Caution When Downloading and Opening Files:

• Be cautious when downloading .url files from the internet, especially from untrusted sources.
• Only download files from websites you trust and verify the file's authenticity before opening it.

• Disable Macros in Office Documents (Optional):

• Disabling macros in Office documents can help to prevent them from being used to exploit vulnerabilities. However, this may also prevent legitimate macros from running.

• Consider Disabling .url File Type Association (Last Resort):

• As a last resort, consider disabling the file association for .url files. This will prevent them from automatically opening when clicked. However, this will also prevent legitimate .url files from functioning properly.

Confirmation & Additional Information:

• Monitor Microsoft Security Response Center (MSRC) for updates and patches:
• Consider deploying additional security measures like application whitelisting and user education.

• CISA Known Exploited Vulnerabilities Catalog

• Note: Although the NVD page for this vulnerability is still under analysis, Microsoft considers it actively exploited. Therefore, it is crucial to take these mitigations seriously and apply them as soon as possible.