Windows SmartScreen Security Feature Bypass Vulnerability
CVE-2024-21351

7.6HIGH

Key Information:

Vendor
Microsoft
Status
Windows 11 Version 23h2
Windows 11 Version 22h3
Windows 10 Version 1809
Windows Server 2019
Vendor
CVE Published:
13 February 2024

Badges

๐Ÿ‘พ Exploit Exists๐Ÿฆ… CISA Reported๐Ÿ“ฐ News Worthy

Summary

The Windows SmartScreen security feature bypass vulnerability can potentially allow attackers to evade the SmartScreen filter, which is designed to protect users from phishing attacks and malicious downloads. By exploiting this flaw, a malicious actor could circumvent security measures, enabling them to deliver harmful payloads to unsuspecting users. This vulnerability highlights the importance of maintaining up-to-date protections and the continued enhancement of security mechanisms in software products.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20469

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6709

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5458

News Articles

favicon imageCrowdStrike

February 2024 Patch Tuesday: Updates and Analysis

Microsoft has released security updates for 73 vulnerabilities, including two zero-days, for its February 2024 Patch Tuesday rollout.

favicon imageGBHackers

Microsoft Patch Tuesday 2024 : 73 Security Flaws

Microsoft has published patches to address 73 security flaws, including two zero-day vulnerabilities that have been actively exploited.

favicon imageSecurity Affairs

CISA adds Microsoft Windows bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds 2 Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • ๐Ÿฆ…

    CISA Reported

  • ๐Ÿ“ฐ

    First article discovered by Help Net Security

  • Vulnerability published

  • Vulnerability Reserved

.