// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of March 11, 2024
Signal Brief · Archived

Week of March 11, 2024

2024-03-11 — 2024-03-17 · 4 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of March 11, 2024, ColdRecon logged 4 public endpoint-security events from open-source reporting — 3 vuln disclosures, 1 incident. Vendors in the record this week: Microsoft, Zemana, Checkmk.

The Week's Public Record

Events

2024-03-14
vuln disclosure
CVE-2024-1853: Zemana AntiLogger Arbitrary Process Termination via IOCTLCVE-2024-1853
CVE-2024-1853 is a denial-of-service vulnerability in Zemana AntiLogger v2.74.204.664. The flaw exists in the zam64.sys and zamguard64.sys kernel drivers, allowing a local low-privilege attacker to terminate arbitrary processes by sending a crafted IOCTL request with code 0x80002048. This can cause system instability or disable security software.
2024-03-13
incident
ACR Stealer Exploits CVE-2024-21412 to Bypass Microsoft Defender SmartScreenCVE-2024-21412
ACR Stealer, a malware-as-a-service infostealer, is actively exploiting CVE-2024-21412 to bypass Microsoft Defender SmartScreen. The attack chain uses phishing emails with malicious links to WebDAV-hosted internet shortcuts, leading to DLL sideloading and execution of the payload. This allows the malware to steal sensitive information without triggering SmartScreen warnings.
2024-03-12
vuln disclosure
Microsoft Defender Security Feature Bypass Vulnerability CVE-2024-20671CVE-2024-20671
A vulnerability in Microsoft Defender allows local attackers with low privileges to bypass security features due to incorrect default permissions. The flaw has a CVSS score of 5.5 and primarily impacts system availability. Microsoft released a patch on March 12, 2024.
2024-03-11
vuln disclosure
Local Privilege Escalation via writable files in Checkmk AgentCVE-2024-0670
A local privilege escalation vulnerability exists in Checkmk Agent versions 2.0.0, 2.1.0, and 2.2.0. The agent creates temporary .cmd files in C:\Windows\Temp with predictable names and executes them with SYSTEM privileges. An attacker with local access can place a malicious file in that directory to achieve privilege escalation.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →