Windows SmartScreen Security Feature Bypass Vulnerability

CVE-2024-21351

7.6HIGH

Key Information:

Vendor: Microsoft
Status: Windows 11 Version 23h2; Windows 11 Version 22h3; Windows 10 Version 1809; Windows Server 2019
Vendor: CVE Published:; 13 February 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

The Windows SmartScreen security feature bypass vulnerability can potentially allow attackers to evade the SmartScreen filter, which is designed to protect users from phishing attacks and malicious downloads. By exploiting this flaw, a malicious actor could circumvent security measures, enabling them to deliver harmful payloads to unsuspecting users. This vulnerability highlights the importance of maintaining up-to-date protections and the continued enhancement of security mechanisms in software products.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20469

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6709

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5458

News Articles

GBHackers

CVE-2024-21351 CVE-2024-21412

Microsoft Patch Tuesday 2024 : 73 Security Flaws

Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited.

4 months ago

Security Affairs

CVE-2024-21412 CVE-2024-21351

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog.

11 months ago

Malwarebytes

CVE-2024-21413 CVE-2024-21351

Update now! Microsoft fixes two zero-days on February Patch Tuesday | Malwarebytes

Microsoft has issued patches for 73 security vulnerabilities in its February 2024 Patch Tuesday. Among these vulnerabilities are two zero-days that are reportedly being used in the wild.

11 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Feb 13, 2024
🦅
CISA Reported
Feb 13, 2024
📰
First article discovered by Help Net Security
Feb 13, 2024
Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Dec 8, 2023

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed8 News Article(s)