Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2024-38217
Key Information:
- Vendor
- Microsoft
- Status
- Windows 10 Version 1809
- Windows Server 2019
- Windows Server 2019 (server Core Installation)
- Windows Server 2022
- Vendor
- CVE Published:
- 10 September 2024
Badges
Summary
Windows Mark of the Web Security Feature Bypass Vulnerability
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Windows 10 Version 1507 32-bit Systems 10.0.0 < 10.0.10240.20766
Windows 10 Version 1607 32-bit Systems 10.0.0 < 10.0.14393.7336
Windows 10 Version 1809 32-bit Systems 10.0.0 < 10.0.17763.6293
News Articles
The Cyber ExpressSeptember 2024 Patch Tuesday: Essential Zero-Day Fixes
Microsoft’s September 2024 Patch Tuesday includes crucial updates for four zero-day vulnerabilities and other updates for product enhancements.
4 months ago
Bug Left Some Windows PCs Dangerously Unpatched
Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused…
4 months ago
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018.
4 months ago
References
CVSS V3.1
Timeline
- 👾
Exploit known to exist
- 🦅
CISA Reported
- 📰
First article discovered by BleepingComputer
Vulnerability published
Vulnerability Reserved