Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38213

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows 10 Version 1809
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Vendor
CVE Published:
13 August 2024

Badges

👾 Exploit Exists🦅 CISA Reported📰 News Worthy

Summary

The CVE-2024-38213 vulnerability affects the Windows SmartScreen security feature, allowing attackers to bypass it and exploit other vulnerabilities, affecting the ability of the system to protect against potentially malicious software. It has been exploited in the wild and was patched by Microsoft during the June 2024 Patch Tuesday. It can be exploited remotely in low-complexity attacks, but it requires user interaction, making successful exploitation harder to achieve. The vulnerability is part of a larger pattern of SmartScreen vulnerabilities being targeted in attacks, indicating the importance of timely patching and security vigilance to protect against advanced cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Windows 10 Version 1507 32-bit Systems 10.0.10240.0 < 10.0.10240.20680

Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.7070

Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.5936

News Articles

favicon imageThe Cyber Express

Copy2pwn Bypasses Windows Mark Of The Web Security Feature

Researchers uncovered a copy2pwn vulnerability, CVE-2024-38213, that allows threat actors to bypass Windows' Mark-of-the-Web (MotW) protections.

5 months ago

favicon imageForbes

New Windows Cyber Attacks Confirmed—CISA Says Update By September 3

The U.S. Cybersecurity Agency has warned that Windows users must update systems before September 3 as multiple new zero-day attacks are confirmed by Microsoft.

5 months ago

favicon imageBleepingComputer

New Windows SmartScreen bypass exploited as zero-day since March

Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday.

5 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 👾

    Exploit known to exist

  • 🦅

    CISA Reported

  • 📰

    First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseCISA DatabaseMicrosoft Feed3 News Article(s)
.