Windows MSHTML Platform Security Feature Bypass Vulnerability
CVE-2024-30040

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Windows 10 Version 1809; Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022
Vendor: CVE Published:; 14 May 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

A vulnerability has been identified in the Microsoft Windows MSHTML platform, where a security feature bypass can occur. This flaw allows an attacker to leverage the compromised security settings and potentially execute arbitrary code or perform unauthorized actions within the affected application context. Users and administrators are advised to review the associated security advisory for mitigation steps and updates to ensure overall system integrity.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20651

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.6981

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5820

News Articles

Forbes

CVE-2024-38112 CVE-2024-30040

Microsoft Windows Deadline—10 Days To Update Or Stop Using Your PC

Government issues emergency update warning for all Windows users, with existing security fixes likely “insufficient.”

3 months ago

Telconet CSIRT

CVE-2024-30040 CVE-2024-30051

Microsoft corrige múltiples vulnerabilidades en su Patch Tuesday de mayo 2024 – Telconet CSIRT

Microsoft realiza actualizaciones de seguridad con su Patch Tuesday de mayo del 2024 en el que se aborda un total de 61 fallos de seguridad, que incluyen tres vulnerabilidades Zero Day. En esta edición, se...

5 months ago

Krebs on Security

CVE-2024-30051 CVE-2024-30040

Krebs on Security

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly...

8 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
May 14, 2024
🦅
CISA Reported
May 14, 2024
📰
First article discovered by CrowdStrike
May 14, 2024
Vulnerability published
May 14, 2024
Vulnerability Reserved
Mar 22, 2024

Key Information:

Badges

Summary

CISA Reported

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

Microsoft Windows Deadline—10 Days To Update Or Stop Using Your PC

Microsoft corrige múltiples vulnerabilidades en su Patch Tuesday de mayo 2024 – Telconet CSIRT

Krebs on Security

References

CVSS V3.1

Timeline