Windows Mark of the Web Security Feature Bypass Vulnerability
Key Information
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 10 September 2024
Badges
Summary
Windows Mark of the Web Security Feature Bypass Vulnerability
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-38217 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1809 < 10.0.17763.6293
Windows Server 2019 < 10.0.17763.6293
Windows Server 2019 (Server Core installation) < 10.0.17763.6293
News Articles
The Cyber Express CVE-2024-38217CVE-2024-38014September 2024 Patch Tuesday: Essential Zero-Day Fixes
Microsoft’s September 2024 Patch Tuesday includes crucial updates for four zero-day vulnerabilities and other updates for product enhancements.
2 months ago
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
2 months ago
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
​Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.
2 months ago
CVSS V3.1
Timeline
- đź‘ľ
Exploit exists.
First article discovered by BleepingComputer
Vulnerability published.
Vulnerability Reserved.