1. Home
  2. Vulnerabilities
  3. CVE-2023-32049

CVE-2023-32049

CVSS v3.1 8.8 (High)
88% Progress
EPSS 2.16 % (90th)
2.16% Progress
Affected Products 9
Advisories 2
Info CVSS EPSS Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows SmartScreen Security Feature Bypass Vulnerability

Weaknesses
CWE-NVD-noinfo
CVE Status
PUBLISHED
CNA
Microsoft Corporation
Published Date
2023-07-11 18:15:13
(14 months ago)
Updated Date
2023-07-13 20:02:38
(14 months ago)
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049; https://nvd.nist.gov/vuln/detail/CVE-2023-32049
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2023-07-11
(14 months ago)
Due Date
2023-08-01
(13 months ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1607 prior 10.0.14393.6085 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.6085
  Microsoft Windows 10 1809 prior 10.0.17763.4645 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.4645
  Microsoft Windows 10 21h2 prior 10.0.19041.3208 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19041.3208
  Microsoft Windows 10 22h2 prior 10.0.19045.3208 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.3208
  Microsoft Windows 11 21h2 prior 10.0.22000.2176 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.2176
  Microsoft Windows 11 22h2 prior 10.0.22621.1992 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.1992
  Microsoft Windows Server 2016 cpe:2.3:o:microsoft:windows_server_2016:-
  Microsoft Windows Server 2019 cpe:2.3:o:microsoft:windows_server_2019:-
  Microsoft Windows Server 2022 cpe:2.3:o:microsoft:windows_server_2022:-