Business Daily Media

The Times


.

Trend Micro Discovers Actively Exploited Vulnerability Affecting Millions of Users: Customers Already Protected

Bug allowing attackers to bypass critical protections uncovered by Trend’s Zero Day Initiative

HONG KONG SAR - Media OutReach Newswire - 15 February 2024 - Trend Micro Incorporated (TYO: 4704; TSE: 4704) a global cybersecurity leader, announced its discovery of a vulnerability in Microsoft Windows Defender that is actively being exploited by cyberthreat group Water Hydra.

Trend discovered the vulnerability on December 31, 2023 and Trend customers have been automatically protected since January 1, 2024. Organizations are advised to take immediate action in response to the ongoing active exploitation of this vulnerability by cybercriminals.

This (CVE-2024-21412) is an active zero-day vulnerability that was disclosed by Trend Micro's Zero Day Initiative™ (ZDI) to Microsoft and is being published for the first time today.

Trend protects its customers by issuing virtual patches an average of 51 days before patches are released, including this zero-day for Microsoft. For all other vendors, the average time to actually protect their customers was 96 days. Trend estimates that customers who applied all virtual patches in 2023 saved an average of $1M for their enterprise.

Mark Houpt, CISO, Databank: "We have experienced first-hand the advantages of being under the protective umbrella of Trend Micro. Their unparalleled threat intelligence allows us to be proactively shielded against emerging threats. By implementing their virtual patches, we've managed to stay ahead of potential exploit attempts, securing our systems and allowing our customers to have confidence that their systems are secured long before official patches become available. It's a crucial part of our cybersecurity strategy, giving us peace of mind and significant cost savings in potential breach prevention."

When a new zero-day vulnerability is discovered, Trend responsibly discloses to the vendor. Trend customers then benefit from virtual patching to protect their systems from exploitation until an official patch can be applied.

Kevin Simzer, COO at Trend: "Zero-day vulnerabilities are an increasingly popular way for threat actors to achieve their goals. This is one reason we invest so deeply in threat intelligence, so we can keep our customers protected months before official vendor patches are released. We are proud to be creating a world with less cyber risk."

The critical risk is that vulnerabilities can be exploited by bad actors targeting any number of industries or organizations. This one is being actively exploited by the financially motivated APT group to compromise foreign exchange traders participating in the high-stakes currency trading market.

Specifically, it's used in a sophisticated zero-day attack chain to enable a Windows Defender SmartScreen bypass. Attacks are designed to infect victims with the DarkMe remote access trojan (RAT) for potential data theft and ransomware.

Using layers of defense to mitigate advanced threats, Trend's intrusion prevention system (IPS) capabilities delivered virtual patching by completely blocking the exploitation of CVE-2024-21412.

Trend Vision One™ automatically identifies critical vulnerabilities and provides visibility into all affected endpoints and their possible impact on an organization's overall risk. Trend's proactive approach to risk management reduces the need for last-minute reactive measures on "disclose day" and ensures customers are well-prepared to mitigate risks with confidence.

By contrast, organizations relying solely on a legacy endpoint detection and response (EDR) approach may be left exposed to the threat if their attackers use advanced techniques to avoid detection.

The power of the ZDI, the world's largest vendor-agnostic bug bounty program, to find and then feed intelligence into virtual patching has become increasingly important in light of two key trends identified by Trend:

  • The zero-day vulnerabilities discovered by cybercrime groups are increasingly deployed in attack chains by nation-state groups like APT28, APT29, and APT40, broadening their reach.
  • CVE-2024-21412 is itself a simple bypass of CVE-2023-36025, highlighting how easily APT groups can identify and circumvent narrow vendor patches.

To see more on the value of this news, please visit: https://www.youtube.com/watch?v=yY08S4-aICA

To read more technical information on how this occurred, please visit: https://www.trendmicro.com/en_us/

Note: Microsoft has issued a patch for CVE-2024-21412: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412
Hashtag: #trendmicro #trendvisionone #visionone #cybersecurity





The issuer is solely responsible for the content of this announcement.

About Trend Micro

Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro's cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world.

News from Asia

Peach Garden Celebrates Mid-Autumn Festival with Singapore Flyer-Inspired Mooncake Keepsake Gift Set

SINGAPORE - Media OutReach Newswire - 13 July 2026 - Peach Garden has unveiled its 2026 Mid-Autumn mooncake collection, headlined by the Graceful Showstopper, a keepsake gift set inspired by the...

Skyro Rolls Out Reusable Digital Credit Across the Philippines, Explores Opportunities in Southeast Asian Markets

MANILA, PHILIPPINES - Media OutReach Newswire - 13 July 2026 - Skyro, a digital-first consumer finance platform, today announced the nationwide rollout of SkyroCredit, its reusable digital credit ...

UEM Edgenta Cements Role In Delivering Pan Borneo Highway Sarawak

Empowering Local Workforce For Future Mega-ProjectsKUALA LUMPUR, MALAYSIA - Media OutReach Newswire - 13 July 2026 - UEM Edgenta Berhad ("UEM Edgenta" or "the Company"), a leading Asset Management...

LEGOLAND® Discovery Centre Hong Kong Generously Presents This Summer: "The True NINJAGO® Trials"

Calling All Little Ninjas Across the City! Team Up to Battle Elemental Monsters and Celebrate 15 Years of NINJAGO®HONG KONG SAR - Media OutReach Newswire - 13 July 2026 - LEGO®NINJAGO®stands as o...

Happitat Unveils the New Global Landmark of Happiness, Opening 21 August

BANGKOK, THAILAND - Media OutReach Newswire - 13 July 2026 - Happitat today announced its official opening on 21 August2026, introducing the New Global Landmark of Happiness and the world's first...

OPEC Fund provides US$50 million to SeABank to boost small business and climate finance in Viet Nam

HANOI, VIETNAM - Media OutReach Newswire - 13 July 2026 - The OPEC Fund for International Development (the OPEC Fund) is providing a US$50 million loan to Southeast Asia Commercial Joint Stock Ban...

Hong Kong probate resource HK Probate Lawyer launches free wills-education site HK Wills Help to help the public plan ahead in plain language

As Hong Kong's population ages, the platform aims to lower the knowledge barrier around wills and estate administration and reduce future family disputes.HONG KONG SAR - Media OutReach Newswire - ...

DFT and OSMEP Invite Guangzhou Consumers to Discover Premium Thai Rice at "Thai Rice Roadshow"

BANGKOK, THAILAND - Media OutReach Newswire - 13 July 2026 - The Department of Foreign Trade (DFT), Ministry of Commerce of Thailand, together with the Office of Small and Medium Enterprises Pr...

2026 China Chief Economist Forum Held in Hong Kong, Focusing on 15th Five-Year Plan Opportunities

HONG KONG SAR - EQS Newswire - 13 July 2026 - On the afternoon of July 9, the 2026 China Chief Economist Forum (Hong Kong) was held at the Hong Kong Convention and Exhibition Centre in Wan Chai...

PolyU signs tripartite MoU with Dassault Systèmes and PAIEvo in Paris to advance cross-continental collaboration in research innovation

HONG KONG SAR - Media OutReach Newswire - 13 July 2026 - The Hong Kong Polytechnic University (PolyU) has signed a tripartite strategic Memorandum of Understanding (MoU) in Paris with globally ren...

Selling a Small Business in Australia: Understanding the Capital Gains Tax Concessions

For many Australian business owners, selling a business represents the reward for years—sometimes decades—of hard work. Unlike employees who may bu...

Australian businesses lean into global strategic partnerships (GCCs) for next wave of outsourcing

The Australian corporate landscape is undergoing a fundamental transformation in how it sources talent and innovation. While businesses have traditi...

The New Pressure Gap Crushing Small Businesses

Starting any business and making it prosper is a major undertaking. Part of the challenge is managing the uncertainty, but the financial pressures o...

Click Frenzy returns with a free EOFY sale event for retailers this month

New owners Gabby and Hezi Leibovich bring back Australia’s leading ecommerce sales event with Australia Post as Major Sponsor   Click Frenzy is ...

The 95 Per Cent Failure Rate Is Not An AI Problem

Most Australian SMEs I speak with are already having a go at AI. Some are running formal pilots, others have a team member quietly experimenting o...

New AR tech helping to solve field service skills crisis

AI-enabled augmented reality (AR) smart glasses are emerging as a new practical solution to fill a shortage of field service technicians maintaini...