Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2023-24880

4.4MEDIUM

Key Information:

Badges

💰 Ransomware👾 Exploit Exists🟣 EPSS 74%🦅 CISA Reported📰 News Worthy

Summary

Windows SmartScreen Security Feature Bypass Vulnerability

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited and is known by the CISA as enabling ransomware campaigns.

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.5786

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.4131

Windows 10 Version 1809 ARM64-based Systems 10.0.0 < 10.0.17763.4131

News Articles

Top 10 Vulnerabilities That Were Exploited the Most In 2023

Some of the vulnerabilities were added to the CISA’s Known Exploited Vulnerabilities catalog marking them as extremely important to patch.

Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880) - Help Net Security

For March 2023 Patch Tuesday Microsoft has fixed 2 vulnerabilities actively exploited in the wild (CVE-2023-23397, CVE-2023-24880).

Exploit for Critical Windows Defender Bypass Goes Public

Exploit for Critical Windows Defender Bypass Goes Public

References

EPSS Score

74% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
4.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 📰

    First article discovered by Security Boulevard

  • 💰

    Used in Ransomware

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • Vulnerability published

  • Vulnerability Reserved

.